
Windows Analysis Report
PmsbthDWFX.exe

Overview

General Information

Sample name:PmsbthDWFX.exe
(renamed file extension from bin to exe, renamed because original name is a hash value)
Original sample name:b53390dba0e0c227341f3c688be3aef91455c4f926e6527af6ce1e4acf74a7b3.bin
Analysis ID:1591996
MD5:ebf5b897e0e4b90143764fc39e0c5a21
SHA1:244eb29a512f1cc980bcfdc3bda2c62e1954c6d7
SHA256:b53390dba0e0c227341f3c688be3aef91455c4f926e6527af6ce1e4acf74a7b3

Detection

Score:14
Range:0 - 100
Whitelisted:false
Confidence:0%

Compliance

Score:32
Range:0 - 100

Signatures

Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read device registry values (via SetupAPI)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
EXE planting / hijacking vulnerabilities found
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Queries device information via Setup API
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Execution of Suspicious File Type Extension
Spawns drivers
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • PmsbthDWFX.exe (PID: 6468 cmdline: "C:\Users\user\Desktop\PmsbthDWFX.exe" MD5: EBF5B897E0E4B90143764FC39E0C5A21)
    • flux.exe (PID: 5948 cmdline: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma MD5: 036B38DD2F7D5991117CCE7C9FC2FE8B)
  • LogonUI.exe (PID: 6668 cmdline: "LogonUI.exe" /flags:0x4 /state0:0xa3f8a055 /state1:0x41c64e6d MD5: 893144FE49AA16124B5BD3034E79BBC6)
  • cdd.dll (PID: 4 cmdline: MD5: 9B684213A399B4E286982BDAD6CF3D07)
  • fontdrvhost.exe (PID: 2964 cmdline: "fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
  • LogonUI.exe (PID: 3184 cmdline: "LogonUI.exe" /flags:0x2 /state0:0xa3f96055 /state1:0x41c64e6d MD5: 893144FE49AA16124B5BD3034E79BBC6)
  • cdd.dll (PID: 4 cmdline: MD5: 9B684213A399B4E286982BDAD6CF3D07)
  • LogonUI.exe (PID: 6752 cmdline: "LogonUI.exe" /flags:0x2 /state0:0xa3f9e855 /state1:0x41c64e6d MD5: 893144FE49AA16124B5BD3034E79BBC6)
  • fontdrvhost.exe (PID: 2076 cmdline: "fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
  • cdd.dll (PID: 4 cmdline: MD5: 9B684213A399B4E286982BDAD6CF3D07)
  • LogonUI.exe (PID: 5268 cmdline: "LogonUI.exe" /flags:0x2 /state0:0xa3fae055 /state1:0x41c64e6d MD5: 893144FE49AA16124B5BD3034E79BBC6)
  • fontdrvhost.exe (PID: 6500 cmdline: "fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
  • cdd.dll (PID: 4 cmdline: MD5: 9B684213A399B4E286982BDAD6CF3D07)
  • fontdrvhost.exe (PID: 5784 cmdline: "fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
  • LogonUI.exe (PID: 5256 cmdline: "LogonUI.exe" /flags:0x2 /state0:0xa3fb5855 /state1:0x41c64e6d MD5: 893144FE49AA16124B5BD3034E79BBC6)
  • cleanup
No configs have been found
No yara matches
Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: , CommandLine: , CommandLine|base64offset|contains: , Image: C:\Windows\System32\cdd.dll, NewProcessName: C:\Windows\System32\cdd.dll, OriginalFileName: C:\Windows\System32\cdd.dll, ParentCommandLine: , ParentImage: , ParentProcessId: -1, ProcessCommandLine: , ProcessId: 4, ProcessName: cdd.dll
No Suricata rule has matched


There are no malicious signatures.

Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exeCode function: 2_2_00F91040 InterlockedIncrement,CryptAcquireContextA,InterlockedIncrement,CryptGenRandom,2_2_00F91040
Source: C:\Users\user\Desktop\PmsbthDWFX.exe EXE: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe

Compliance

Source: C:\Users\user\Desktop\PmsbthDWFX.exe EXE: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe
Source: PmsbthDWFX.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\PmsbthDWFX.exeWindow detected: AcceptCancelNullsoft Install System v2.51 Nullsoft Install System v2.51License AgreementPlease review the license terms before installing f.lux.Press Page Down to see the rest of the agreement.BY CLICKING ON THE "ACCEPT" BUTTON "YOU" (MEANING YOU PERSONALLY AND NOT A COMPANY OR OTHER CORPORATE ENTITY) ARE CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS LICENSE AGREEMENT ("AGREEMENT"). IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT CLICK THE "CANCEL" BUTTON AND THE DOWNLOAD/INSTALLATION PROCESS WILL NOT CONTINUE. IF THESE TERMS ARE CONSIDERED AN OFFER ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.GRANT. Subject to your full compliance with all the terms of this Agreement Flux Software LLC ("Company") hereby grants you (and only you) a limited personal non-sublicensable non-transferable royalty-free nonexclusive license to use internally the software that you are about to download or install ("Software") only in accordance with the Company documentation that accompanies it. In addition to any compatible personal devices you may download and install the Software on any compatible work device(s) provided that you (1) obtain all necessary permissions consents and waivers from your employer to do so (2) assume all risks and liabilities relating to the Software on such devices and (3) require your employer to release Company from any and all liability to Company relating to the download installation or use of the Software.RESTRICTIONS. 
You may not (and agree not to and not authorize or enable others to) directly or indirectly: (a) copy distribute redistribute rent lease mirror timeshare operate a service bureau or otherwise use for the benefit of a third party the Software; (b) disassemble decompile attempt to discover the source code or structure sequence and organization of or otherwise reverse engineer the Software (except to the extent applicable law prohibits restrictions on reverse engineering); (c) remove any proprietary notices from the Software; or (d) bundle the Software with any third party software product or service. You understand that Company may modify or discontinue offering the Software at any time. For the avoidance of doubt the foregoing restrictions apply to any company or corporate entity (or its affiliates or agents acting on its behalf) (each an "Entity") and no Entity shall download or install the Software for the purposes of mirroring or distributing it to its employees or otherwise.SUPPORT AND UPGRADES. This Agreement does not entitle you to any support upgrades patches enhancements or fixes for the Software (collectively "Support"). The Software may automatically download and install updates from time to time on the device(s) that you have downloaded and installed the Software on. You agree to receive any such updates and any Support and/or updates for the Software that may be made available by Company shall become part of the Software and subject to this Agreement. The Company reserves the right in its
Source: PmsbthDWFX.exeStatic PE information: certificate valid
Source: Binary string: c:\Users\mherf\git\projects\flux\NoAccount\flux.pdb source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.dr
Source: Binary string: c:\Users\mherf\git\projects\flux\NoAccount\flux.pdb$ source: flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: c:\Users\mherf\git\projects\flux\NoAccount\flux.pdb$ N, source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe.0.dr
Source: C:\Users\user\Desktop\PmsbthDWFX.exeCode function: 0_2_00405E93 FindFirstFileA,FindClose,0_2_00405E93
Source: C:\Users\user\Desktop\PmsbthDWFX.exeCode function: 0_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054BD
Source: C:\Users\user\Desktop\PmsbthDWFX.exeCode function: 0_2_00402671 FindFirstFileA,0_2_00402671
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exeCode function: 2_2_00F92780 __wsplitpath,InterlockedDecrement,InterlockedIncrement,DeleteUrlCacheEntry,__makepath_s,URLDownloadToFileA,__makepath_s,GetFileAttributesA,InterlockedDecrement,InterlockedIncrement,InterlockedDecrement,InterlockedIncrement,InterlockedDecrement,InterlockedIncrement,2_2_00F92780
Source: global trafficDNS traffic detected: DNS query: api.msn.com
Source: PmsbthDWFX.exe, flux.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: PmsbthDWFX.exe, flux.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: PmsbthDWFX.exe, flux.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: PmsbthDWFX.exe, flux.exe.0.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: PmsbthDWFX.exe, flux.exe.0.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: PmsbthDWFX.exe, flux.exe.0.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: PmsbthDWFX.exe, flux.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: PmsbthDWFX.exe, flux.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: PmsbthDWFX.exe, flux.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: PmsbthDWFX.exe, flux.exe.0.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: PmsbthDWFX.exe, flux.exe.0.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: PmsbthDWFX.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: PmsbthDWFX.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: PmsbthDWFX.exe, flux.exe.0.drString found in binary or memory: http://ocsp.comodoca.com0
Source: PmsbthDWFX.exe, flux.exe.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: PmsbthDWFX.exe, flux.exe.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: PmsbthDWFX.exe, flux.exe.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: PmsbthDWFX.exe, flux.exe.0.drString found in binary or memory: http://ocsp.sectigo.com0
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://api.fluxometer.com
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://api.fluxometer.comtruessdp:allPhilips
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://apihttps://%d-%d-%s%sauth/reset.postPOSTownersettingssensoractivity%s/auth/create?name=anon%
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://discovery.meethue.com/
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://discovery.meethue.com/internalipaddresshttp://%s/upnphue//lights/ctbrinot
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://fluxometer.com/
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://fluxometer.com/disableoffermessageurlpromoexpirepopsilentwebf.luxdeviceanondevicefor
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/crash
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/crashf.lux
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/f.lux
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/geo
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/geollUseWinLocation
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/offer/windows.json
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/update/v4/
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/update/v4/windows-beta.jsonhttps://justgetflux.com/update/v4/windows.jsonhtt
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/update/v4/windows.json
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/windows/contribute.html
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/windows/contribute.htmlMake
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/windows/forum.html
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/windows/forum.htmlVisit
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/windows/lights.html
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/windows/lights.htmlalarmhotkeysSurfaceKeysDisableUpdateSlowFadeWideSliderUse
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/windows/moreabout.html
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/windows/moreabout.htmlfluxometer.com:
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/windows/preset.json
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/windows/release.html
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/windows/release.htmlRead
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/windows/support.html
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/windows/support.htmlRead
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/windows/watchdog.html
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/windows/watchdog.html/crashflux/cam
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/winmap.html
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.drString found in binary or memory: https://justgetflux.com/winmap.html%s?lat=%f&lng=%f%s?geo=%sredirlatlngZIP
Source: PmsbthDWFX.exe, flux.exe.0.drString found in binary or memory: https://sectigo.com/CPS0
Source: C:\Users\user\Desktop\PmsbthDWFX.exeCode function: 0_2_00404FC2 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404FC2
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exeCode function: 2_2_00F718D0 InterlockedIncrement,InterlockedDecrement,InterlockedIncrement,InterlockedDecrement,InterlockedDecrement,InterlockedIncrement,InterlockedDecrement,InterlockedIncrement,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,MessageBoxA,IsWindow,IsWindowVisible,PostMessageA,InterlockedDecrement,InterlockedDecrement,InterlockedIncrement,InterlockedDecrement,InterlockedIncrement,InterlockedDecrement,InterlockedIncrement,2_2_00F718D0
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exeCode function: 2_2_00F71BE8 InterlockedIncrement,InterlockedDecrement,InterlockedIncrement,InterlockedDecrement,InterlockedDecrement,InterlockedIncrement,InterlockedDecrement,InterlockedIncrement,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,MessageBoxA,IsWindow,IsWindowVisible,PostMessageA,InterlockedDecrement,InterlockedDecrement,InterlockedIncrement,InterlockedDecrement,InterlockedIncrement,InterlockedDecrement,InterlockedIncrement,2_2_00F71BE8
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exeCode function: 2_2_00F71B47 InterlockedIncrement,InterlockedDecrement,InterlockedIncrement,InterlockedDecrement,InterlockedDecrement,InterlockedIncrement,InterlockedDecrement,InterlockedIncrement,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,MessageBoxA,IsWindow,IsWindowVisible,PostMessageA,InterlockedDecrement,InterlockedDecrement,InterlockedIncrement,InterlockedDecrement,InterlockedIncrement,InterlockedDecrement,InterlockedIncrement,2_2_00F71B47
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exeCode function: 2_2_00F71D66 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,MessageBoxA,IsWindow,IsWindowVisible,PostMessageA,InterlockedDecrement,InterlockedDecrement,InterlockedIncrement,InterlockedDecrement,InterlockedIncrement,InterlockedDecrement,InterlockedIncrement,2_2_00F71D66
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exeCode function: 2_2_00F7C0D0 GetCursorPos,GetCursorPos,GetCursorPos,ClientToScreen,InterlockedDecrement,InterlockedIncrement,__time64,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,2_2_00F7C0D0
Source: C:\Users\user\Desktop\PmsbthDWFX.exeCode function: 0_2_100010D0 GetVersionExA,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,WideCharToMultiByte,lstrcmpiA,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenA,lstrcpynA,lstrcmpiA,CloseHandle,FreeLibrary,0_2_100010D0
Source: C:\Users\user\Desktop\PmsbthDWFX.exeCode function: 0_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_004030FB
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exeCode function: 2_2_00F877C0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,2_2_00F877C0
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: String function: 00F61480 appears 36 times
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: String function: 00F61920 appears 38 times
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: String function: 00FAEA60 appears 38 times
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: String function: 01002D40 appears 50 times
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: String function: 00F61310 appears 40 times
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: String function: 00F7E8C0 appears 65 times
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: String function: 00FFD4B4 appears 69 times
Source: PmsbthDWFX.exe, 00000000.00000003.2119675903.000000000290A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameflux.exe, vs PmsbthDWFX.exe
Source: unknown Driver loaded: C:\Windows\System32\cdd.dll
Source: PmsbthDWFX.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: clean14.winEXE@12/5@1/0
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: 2_2_00FA6F00 GetLastError,FormatMessageA,MessageBoxA,LocalFree
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Code function: 0_2_00404292 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Code function: 0_2_00402053 CoCreateInstance,MultiByteToWideChar
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: 2_2_00FC3D10 lstrlenW,_malloc,WideCharToMultiByte,LoadLibraryExA,FindResourceA,LoadResource,SizeofResource,FreeLibrary
Source: C:\Users\user\Desktop\PmsbthDWFX.exe File created: C:\Users\user\AppData\Local\FluxSoftware
Source: C:\Users\user\Desktop\PmsbthDWFX.exe File created: C:\Users\user\AppData\Local\Temp\nsr7DE9.tmp
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Command line argument: /silentunlock 2_2_00F7DF30
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Command line argument: /unlockwingamma 2_2_00F7DF30
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Command line argument: /silentlock 2_2_00F7DF30
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Command line argument: /lockwingamma 2_2_00F7DF30
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Command line argument: /crash 2_2_00F7DF30
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Command line argument: F.lux 2_2_00F7DF30
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Command line argument: noshow 2_2_00F7DF30
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Command line argument: /crash 2_2_00F7DF30
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Command line argument: flux/#fluxicon 2_2_00F7DF30
Source: PmsbthDWFX.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\PmsbthDWFX.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\PmsbthDWFX.exe File read: C:\Users\user\Desktop\PmsbthDWFX.exe
Source: unknown Process created: C:\Users\user\Desktop\PmsbthDWFX.exe "C:\Users\user\Desktop\PmsbthDWFX.exe"
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Process created: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma
Source: unknown Process created: C:\Windows\System32\LogonUI.exe "LogonUI.exe" /flags:0x4 /state0:0xa3f8a055 /state1:0x41c64e6d
Source: unknown Process created: C:\Windows\System32\fontdrvhost.exe "fontdrvhost.exe"
Source: unknown Process created: C:\Windows\System32\LogonUI.exe "LogonUI.exe" /flags:0x2 /state0:0xa3f96055 /state1:0x41c64e6d
Source: unknown Process created: C:\Windows\System32\LogonUI.exe "LogonUI.exe" /flags:0x2 /state0:0xa3f9e855 /state1:0x41c64e6d
Source: unknown Process created: C:\Windows\System32\fontdrvhost.exe "fontdrvhost.exe"
Source: unknown Process created: C:\Windows\System32\LogonUI.exe "LogonUI.exe" /flags:0x2 /state0:0xa3fae055 /state1:0x41c64e6d
Source: unknown Process created: C:\Windows\System32\fontdrvhost.exe "fontdrvhost.exe"
Source: unknown Process created: C:\Windows\System32\fontdrvhost.exe "fontdrvhost.exe"
Source: unknown Process created: C:\Windows\System32\LogonUI.exe "LogonUI.exe" /flags:0x2 /state0:0xa3fb5855 /state1:0x41c64e6d
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: magnification.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: mscms.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Section loaded: winsta.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: logoncontroller.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: dxgi.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: userenv.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: slc.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: sppc.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: dsreg.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: dwmapi.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: wtsapi32.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: winsta.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: windows.ui.logon.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: wincorlib.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: dcomp.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: windows.ui.xamlhost.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: mrmcorer.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: windows.ui.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: windowmanagementapi.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: textinputframework.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: inputhost.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: propsys.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: languageoverlayutil.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: bcp47mrm.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: windows.ui.xaml.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: bcp47langs.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: windows.ui.immersive.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: profapi.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: netutils.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: d3d11.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: dwrite.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: d3d10warp.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: windows.globalization.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: dxcore.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: d2d1.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: textshaping.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: directmanipulation.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: windows.ui.xaml.controls.dll
Source: C:\Windows\System32\LogonUI.exe Section loaded: uiautomationcore.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Window detected: Accept Cancel Nullsoft Install System v2.51 License Agreement Please review the license terms before installing f.lux. Press Page Down to see the rest of the agreement.

BY CLICKING ON THE "ACCEPT" BUTTON "YOU" (MEANING YOU PERSONALLY AND NOT A COMPANY OR OTHER CORPORATE ENTITY) ARE CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS LICENSE AGREEMENT ("AGREEMENT"). IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT CLICK THE "CANCEL" BUTTON AND THE DOWNLOAD/INSTALLATION PROCESS WILL NOT CONTINUE. IF THESE TERMS ARE CONSIDERED AN OFFER ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.

GRANT. Subject to your full compliance with all the terms of this Agreement Flux Software LLC ("Company") hereby grants you (and only you) a limited personal non-sublicensable non-transferable royalty-free nonexclusive license to use internally the software that you are about to download or install ("Software") only in accordance with the Company documentation that accompanies it. In addition to any compatible personal devices you may download and install the Software on any compatible work device(s) provided that you (1) obtain all necessary permissions consents and waivers from your employer to do so (2) assume all risks and liabilities relating to the Software on such devices and (3) require your employer to release Company from any and all liability to Company relating to the download installation or use of the Software.

RESTRICTIONS. You may not (and agree not to and not authorize or enable others to) directly or indirectly: (a) copy distribute redistribute rent lease mirror timeshare operate a service bureau or otherwise use for the benefit of a third party the Software; (b) disassemble decompile attempt to discover the source code or structure sequence and organization of or otherwise reverse engineer the Software (except to the extent applicable law prohibits restrictions on reverse engineering); (c) remove any proprietary notices from the Software; or (d) bundle the Software with any third party software product or service. You understand that Company may modify or discontinue offering the Software at any time. For the avoidance of doubt the foregoing restrictions apply to any company or corporate entity (or its affiliates or agents acting on its behalf) (each an "Entity") and no Entity shall download or install the Software for the purposes of mirroring or distributing it to its employees or otherwise.

SUPPORT AND UPGRADES. This Agreement does not entitle you to any support upgrades patches enhancements or fixes for the Software (collectively "Support"). The Software may automatically download and install updates from time to time on the device(s) that you have downloaded and installed the Software on. You agree to receive any such updates and any Support and/or updates for the Software that may be made available by Company shall become part of the Software and subject to this Agreement. The Company reserves the right in its

Source: PmsbthDWFX.exe Static PE information: certificate valid
Source: Binary string: c:\Users\mherf\git\projects\flux\NoAccount\flux.pdb source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe.0.dr
Source: Binary string: c:\Users\mherf\git\projects\flux\NoAccount\flux.pdb$ source: flux.exe, 00000002.00000000.2121852792.0000000001018000.00000002.00000001.01000000.00000007.sdmp, flux.exe, 00000002.00000002.2232227236.0000000001018000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: c:\Users\mherf\git\projects\flux\NoAccount\flux.pdb$ N, source: PmsbthDWFX.exe, 00000000.00000003.2119675903.0000000002800000.00000004.00000020.00020000.00000000.sdmp, flux.exe.0.dr
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Code function: 0_2_100010D0 GetVersionExA,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,WideCharToMultiByte,lstrcmpiA,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenA,lstrcpynA,lstrcmpiA,CloseHandle,FreeLibrary,0_2_100010D0
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: 2_2_01002D85 push ecx; ret 2_2_01002D98
Source: C:\Users\user\Desktop\PmsbthDWFX.exe File created: C:\Users\user\AppData\Local\Temp\nsp91D0.tmp\nsProcess.dll
Source: C:\Users\user\Desktop\PmsbthDWFX.exe File created: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: 2_2_00FCF160 IsIconic,ShowWindow,DialogBoxParamA,2_2_00FCF160
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: 2_2_00FA4EC0 IsWindowVisible,IsIconic,GetCurrentThreadId,ShowWindowAsync,ShowWindow,SetForegroundWindow,2_2_00FA4EC0
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\LogonUI.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\LogonUI.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: 2_2_00FB76A0 SetupDiGetClassDevsExA,SetupDiEnumDeviceInfo,SetupDiOpenDevRegKey,RegQueryValueExA,RegCloseKey,_memset,SetupDiGetDeviceRegistryPropertyA,InterlockedDecrement,InterlockedIncrement,SetupDiEnumDeviceInfo,SetupDiDestroyDeviceInfoList,2_2_00FB76A0
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsp91D0.tmp\nsProcess.dll
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess graph_2-69307
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep graph_2-68670
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe API coverage: 1.0 %
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Code function: 0_2_00405E93 FindFirstFileA,FindClose,0_2_00405E93
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Code function: 0_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054BD
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Code function: 0_2_00402671 FindFirstFileA,0_2_00402671
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: 2_2_01000826 VirtualQuery,GetSystemInfo,GetModuleHandleW,GetProcAddress,VirtualAlloc,VirtualProtect,2_2_01000826
Source: C:\Users\user\Desktop\PmsbthDWFX.exe API call chain: ExitProcess graph end node graph_0-3725
Source: C:\Users\user\Desktop\PmsbthDWFX.exe API call chain: ExitProcess graph end node graph_0-3727
Source: C:\Windows\System32\cdd.dll System information queried: ModuleInformation
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: 2_2_00FFCEB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00FFCEB0
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: 2_2_01000826 VirtualProtect ?,-00000001,00000104,? 2_2_01000826
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Code function: 0_2_100010D0 GetVersionExA,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,WideCharToMultiByte,lstrcmpiA,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenA,lstrcpynA,lstrcmpiA,CloseHandle,FreeLibrary,0_2_100010D0
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: 2_2_01012175 GetProcessHeap,HeapFree,2_2_01012175
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: 2_2_01004780 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_01004780
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: 2_2_00FFCEB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00FFCEB0
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: 2_2_01009011 SetUnhandledExceptionFilter,2_2_01009011
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: 2_2_01003D65 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_01003D65
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: 2_2_00FEA890 cpuid 2_2_00FEA890
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: GetLocaleInfoA,2_2_010101FA
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,2_2_00FA8920
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: 2_2_00FB76A0 SetupDiGetClassDevsExA,SetupDiEnumDeviceInfo,SetupDiOpenDevRegKey,RegQueryValueExA,RegCloseKey,_memset,SetupDiGetDeviceRegistryPropertyA,InterlockedDecrement,InterlockedIncrement,SetupDiEnumDeviceInfo,SetupDiDestroyDeviceInfoList,2_2_00FB76A0
Source: C:\Windows\System32\LogonUI.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\LogonUI.exe Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: 2_2_00F728E0 SystemParametersInfoA,GetLocalTime,SystemTimeToVariantTime,2_2_00F728E0
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: 2_2_00FA9B60 FileTimeToSystemTime,_memset,GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,SystemTimeToFileTime,__aulldiv,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,__aulldiv,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,2_2_00FA9B60
Source: C:\Users\user\Desktop\PmsbthDWFX.exe Code function: 0_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_004030FB
Source: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe Code function: 2_2_00F8F840 WSAStartup,socket,#21,bind,2_2_00F8F840
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Native API (2) | LSASS Driver (1) | LSASS Driver (1) | Disable or Modify Tools (1) | Input Capture (11) | System Time Discovery (2) | Remote Services | Archive Collected Data (1) | Ingress Tool Transfer (1) | Exfiltration Over Other Network Medium | System Shutdown/Reboot (1)
Credentials | Domains | Default Accounts | Command and Scripting Interpreter (2) | DLL Side-Loading (1) | DLL Side-Loading (1) | Deobfuscate/Decode Files or Information (1) | LSASS Memory | File and Directory Discovery (2) | Remote Desktop Protocol | Input Capture (11) | Encrypted Channel (2) | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | DLL Search Order Hijacking (1) | DLL Search Order Hijacking (1) | Obfuscated Files or Information (2) | Security Account Manager | System Information Discovery (46) | SMB/Windows Admin Shares | Clipboard Data (2) | Non-Application Layer Protocol (1) | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Access Token Manipulation (1) | DLL Side-Loading (1) | NTDS | Query Registry (1) | Distributed Component Object Model | Input Capture | Application Layer Protocol (1) | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Process Injection (1) | DLL Search Order Hijacking (1) | LSA Secrets | Security Software Discovery (2) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Masquerading (1) | Cached Domain Credentials | Virtualization/Sandbox Evasion (1) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Virtualization/Sandbox Evasion (1) | DCSync | Process Discovery (1) | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Access Token Manipulation (1) | Proc Filesystem | Application Window Discovery (1) | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | Process Injection (1) | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Behavior graph, ID: 1591996. Sample: PmsbthDWFX.bin; Startdate: 15/01/2025; Architecture: WINDOWS; Score: 14. PmsbthDWFX.exe (started) dropped C:\Users\user\AppData\Local\...\nsProcess.dll (PE32) and C:\Users\user\AppData\Local\...\flux.exe (PE32) and started flux.exe. Also started: LogonUI.exe (twice) and 11 other processes. DNS/IP nodes: bg.microsoft.map.fastly.net, api.msn.com.]

Source | Detection | Scanner | Label
PmsbthDWFX.exe | 0% | Virustotal |
PmsbthDWFX.exe | 0% | ReversingLabs |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\nsp91D0.tmp\nsProcess.dll | 0% | ReversingLabs |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label
https://api.fluxometer.com | 0% | Avira URL Cloud | safe
https://apihttps://%d-%d-%s%sauth/reset.postPOSTownersettingssensoractivity%s/auth/create?name=anon% | 0% | Avira URL Cloud | safe
https://fluxometer.com/ | 0% | Avira URL Cloud | safe
https://api.fluxometer.comtruessdp:allPhilips | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high
api.msn.com | unknown | unknown | false | | high

No contacted IP infos

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1591996
Start date and time: 2025-01-15 16:25:32 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 36s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 36
Number of new started drivers analysed: 4
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: PmsbthDWFX.exe
(renamed file extension from bin to exe, renamed because original name is a hash value)
Original Sample Name: b53390dba0e0c227341f3c688be3aef91455c4f926e6527af6ce1e4acf74a7b3.bin
Detection: CLEAN
Classification: clean14.winEXE@12/5@1/0
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 62
• Number of non-executed functions: 307
• Connection to analysis system has been lost, crash info: Unknown
• Exclude process from analysis (whitelisted): dllhost.exe, smss.exe, dwm.exe, SIHClient.exe, csrss.exe, winlogon.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50, 184.28.90.27, 2.23.240.64, 204.79.197.203, 104.102.63.47, 2.21.65.132, 2.21.65.154, 40.126.32.136, 40.126.32.140, 20.190.160.17, 40.126.32.134, 40.126.32.133, 40.126.32.74, 20.190.160.22, 40.126.32.76, 2.23.227.215, 2.23.227.208, 13.107.246.45
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, p-static.bing.trafficmanager.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, cdn.onenote.net.edgekey.net, e86303.dscx.akamaiedge.net, www.bing.com.edgekey.net, wildcard.weather.microsoft.com.edgekey.net, login.live.com, e16604.g.akamaiedge.net, r.bing.com, sls.update.microsoft.com, prod.fs.microsoft.com.akadns.net, cdn.onenote.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, www.bing.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, e15275.d.akamaiedge.net, www.tm.v4.a.prd.aadg.akadns.net, r.bing.com.edgekey.net, a-0003.a-msedge.net, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, www-www.bing.com.trafficmanager.net, login.msa.msidentity.com, e1553.dspg.akamaiedge.net, api-msn-com.a-0003.a-msedge.net, www.tm.lg.prod.aadmsa.trafficmanager.net
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.

No simulations
No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
bg.microsoft.map.fastly.net | Personliche Nachricht fur e4060738.pdf | malicious | Unknown | 199.232.214.172
bg.microsoft.map.fastly.net | https://drive.google.com/file/d/1dNrtjTqb59ZQTE3gUuVhSjEbFXuJRXW7/view?usp=sharing&ts=6786e61f | malicious | Unknown | 199.232.214.172
bg.microsoft.map.fastly.net | Sample1.exe | malicious | Unknown | 199.232.214.172
bg.microsoft.map.fastly.net | alN48K3xcD.dll | malicious | Wannacry | 199.232.214.172
bg.microsoft.map.fastly.net | RFQ # PC25-1301.xlsx | malicious | Unknown | 199.232.210.172
bg.microsoft.map.fastly.net | 21033090848109083.js | malicious | Strela Downloader | 199.232.210.172
bg.microsoft.map.fastly.net | https://www.pdfforge.org/pdfcreator?srsltid=AfmBOoq1lpA5qNxfcLUyxjmEXAioeKYtqPTpBsIbZ5VOdq3uhOg1WclG | malicious | Unknown | 199.232.214.172
bg.microsoft.map.fastly.net | 0969686.vbe | malicious | AgentTesla | 199.232.210.172
bg.microsoft.map.fastly.net | 00.ps1 | malicious | PureCrypter, LummaC, LummaC Stealer | 199.232.210.172
bg.microsoft.map.fastly.net | 31070304561863532281.js | malicious | Strela Downloader | 199.232.210.172
                                                                                No context
                                                                                No context
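Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\nsp91D0.tmp\nsProcess.dll | SecuriteInfo.com.Win32.Trojan-Downloader.Generic.XVN7C1.21480.14818.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\nsp91D0.tmp\nsProcess.dll | SecuriteInfo.com.Win32.Trojan-Downloader.Generic.XVN7C1.21480.14818.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\nsp91D0.tmp\nsProcess.dll | HDKuOe.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\nsp91D0.tmp\nsProcess.dll | HDKuOe.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\nsp91D0.tmp\nsProcess.dll | file.exe | malicious | LummaC, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsp91D0.tmp\nsProcess.dll | file.exe | malicious | SmokeLoader
C:\Users\user\AppData\Local\Temp\nsp91D0.tmp\nsProcess.dll | file.exe | malicious | LummaC, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsp91D0.tmp\nsProcess.dll | file.exe | malicious | LummaC, Poverty Stealer, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsp91D0.tmp\nsProcess.dll | 5GOuTtZoQn.exe | malicious | LummaC, Poverty Stealer, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsp91D0.tmp\nsProcess.dll | SecuriteInfo.com.W32.Trojan.FWF.gen.Eldorado.15788.4670.exe | malicious | LummaC, Poverty Stealer, SmokeLoader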
                                                                                                    Process:C:\Users\user\Desktop\PmsbthDWFX.exe
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1528952
                                                                                                    Entropy (8bit):6.436220042273394
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24576:f1eNZvlmpxOBs8NmulDcUM3DXvNh7ThZlrnh1cLggDgQbKSVnl+RMdt0g7Hi6:/3p4EmgChMOt9
                                                                                                    MD5:036B38DD2F7D5991117CCE7C9FC2FE8B
                                                                                                    SHA1:9517C8B2778DDFE9322C80700DAA43231067A5C0
                                                                                                    SHA-256:5DCAA7663EB0D46765C2EF259AACED8788F21545E15B748B13127072FE624034
                                                                                                    SHA-512:A202B3D3BA44CDFF854EA03C90F997B05BE976E7218D84A0116EDEBB1EFD21995D19148D1E1C98B10BC4A03AE57971C1EC3A2502BD5D595B3783FDC616092E96
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Process:C:\Users\user\Desktop\PmsbthDWFX.exe
                                                                                                    File Type:JSON data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):998
                                                                                                    Entropy (8bit):4.814709163330534
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:GzVHdEO1gV0IVhx4EbVq/yvaVH+HVEI5rujRVF81:GldEO1jeyyvK++k1
                                                                                                    MD5:2F16CAE7C448269CE98FC362F88A17B3
                                                                                                    SHA1:720816A36C132A01E20D323A91B3EE0B5087BC3E
                                                                                                    SHA-256:115A1AFA03D994FA848781CD5CCD237B1F1288F34315EE07CDB039553E94BA0B
                                                                                                    SHA-512:EBCDEFB7C79A9DA1EDB17F2B9F4A98E07CC729440A59CB9EB169754771B9B909D2480DE7FDF17A35D7730642DA0A0F6F924EA0C5758C933AFA6B6CA80E502DE2
                                                                                                    Malicious:false
                                                                                                    Preview:[...{...."name": "Recommended Colors",...."desc": "Warm at sunset, with a candle before bed",...."day": 6500,...."night": 3400,...."late": 1900...},...{...."name": "Reduce Eyestrain",...."desc": "Reduce eyestrain, day and night",...."day": 5900,...."night": 3600,...."late": 2400...},...{...."name": "Working Late",...."desc": "Bright after sunset, and wind down for bed",...."day": 6500,...."night": 6500,...."late": 2300...},...{...."name": "Far from the Equator",...."desc": "A tinge of sunset, with a candle at bedtime",...."day": 6500,...."night": 5500,...."late": 1900...},...{...."name": "Classic f.lux",...."desc": "Warm at sunset, and all night too",...."day": 6500,...."night": 3400,...."late": 3400...},...{...."name": "Cave Painting",...."desc": "Extra-warm light all the time",...."day": 2700,...."night": 2300,...."late": 1500...},...{...."name": "Color Fidelity",...."desc": "Smaller adjustments, better for color accuracy",...."day": 6500,...."night": 5000,...."late": 3400...}..]..
                                                                                                    Process:C:\Users\user\Desktop\PmsbthDWFX.exe
                                                                                                    File Type:Adobe Photoshop Image, 1044 x 511, RGB, 3x 8-bit channels
                                                                                                    Category:dropped
                                                                                                    Size (bytes):259358
                                                                                                    Entropy (8bit):5.344860530428662
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:mW2SKyuzekcRKkpXHU2RnlCH6Qyk1Ef3Ynrb0Cq6uy:MYXeddSy
                                                                                                    MD5:3C85E1320ACE8380C47C1D0A3C48BE17
                                                                                                    SHA1:9F4AFDB52B09AA77163DE3BD07DC3104FEFDB06C
                                                                                                    SHA-256:54F5F2B622C0C1CE6B0041C332D8D49AFA4A965550CE400BCB47A0B0497131BC
                                                                                                    SHA-512:41E8A49B29C713AFD8441C7C607079F2C0136FB927CAE87DB6826BD2CC311EA10D0944A26AFFABE9E7F7DA30AD22EB0A4A811AD87BE53C7DE23C76DF67A8ABCF
                                                                                                    Malicious:false
                                                                                                    Preview:8BPS............................X.8BIM..........Z...%G..Z...%G..Z...%G..Z...%G..Z...%G..Z...%G..Z...%G..Z...%G..Z...%G..Z...%G..Z...%G..Z...%G..Z...%G..Z...%G..Z...%G..Z...%G..Z...%G..Z...%G........8BIM.%.......]%..P:...oF+.8BIM.$....=.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>application/vnd.adobe.photoshop</dc:format>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Adobe Photoshop CS6 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2013-04-19T22:50:16-07:00</xmp:CreateDate>. <xmp:ModifyDate>2017-04-11T14:23:48-07:00</xmp:ModifyDate>. <xmp:MetadataDate>2017-04-11T14:23:48-
                                                                                                    Process:C:\Users\user\Desktop\PmsbthDWFX.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):4154
                                                                                                    Entropy (8bit):4.802750513930186
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:96:x33NrW51vko3AWAHUjt/9z+g5fRCljsJcExGc62f247t:m7bAWAH21NCljsJcExGc62f247t
                                                                                                    MD5:834F1E49C1269098EC0A526306101367
                                                                                                    SHA1:960E14C9A03DA96938674C4C3CEF0025EBD24C1C
                                                                                                    SHA-256:47593343875782E0790883394470BB32CBE8B81F0DB6ADF3CFDFFD78988FB135
                                                                                                    SHA-512:8DB710B24F89E65200AB5349DADFDECEFB330C62CDB4672B51811273DA3949A174039F8A45334020DF91095DC7B84AF5BCB173926FF6BECF3517C2EED72E80E8
                                                                                                    Malicious:false
                                                                                                    Preview:#define buttonfont..Property fontname Calibri..Property fontsize 28..Property typecolor DD000000 DD000000 DD000000....#define smallfont..Property fontname Calibri..Property fontsize 22....#define subfont..Property fontname Calibri..Property fontsize 36..Property fonttrack -4....#define megafont..Property fontname Calibri..Property fontsize 44..Property fonttrack -2....#define labelfont..Property fontname Calibri..Property fontsize 28..Property fontweight 700....#define labeltop..Property fontname Calibri..Property fontsize 28..Property fontweight 700....#define labelstatus..Property fontname Calibri..Property fontsize 28....#define linelabel..Property fontname Calibri..Property fontsize 20..XConstraint 0, 1, 28..YConstraint 0.5, 0.5, 0....#define leftlabel..Property fontname Calibri..Property fontsize 24..XConstraint 1, 0, -24..YConstraint 0.5, 0.5, 0....#define knoblabel2..Property fontname Calibri..Property fontsize 20....#define bcenter..XConstraint 0.5, 0.5, 2..YConstraint 0.5, 0.5
                                                                                                    Process:C:\Users\user\Desktop\PmsbthDWFX.exe
                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):4608
                                                                                                    Entropy (8bit):4.666004851298707
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:iYXzAm8HGJLvwM8GJFd6I7W4JtT2bxNNAa4GsNf+CJ8aYqmtlKdgAtgma1QvtCSJ:lz2mJkpGR6GY74GQ1YqmstgGCtR
                                                                                                    MD5:FAA7F034B38E729A983965C04CC70FC1
                                                                                                    SHA1:DF8BDA55B498976EA47D25D8A77539B049DAB55E
                                                                                                    SHA-256:579A034FF5AB9B732A318B1636C2902840F604E8E664F5B93C07A99253B3C9CF
                                                                                                    SHA-512:7868F9B437FCF829AD993FF57995F58836AD578458994361C72AE1BF1DFB74022F9F9E948B48AFD3361ED3426C4F85B4BB0D595E38EE278FEE5C4425C4491DBF
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Joe Sandbox View:
                                                                                                    • Filename: SecuriteInfo.com.Win32.Trojan-Downloader.Generic.XVN7C1.21480.14818.exe, Detection: malicious, Browse
                                                                                                    • Filename: SecuriteInfo.com.Win32.Trojan-Downloader.Generic.XVN7C1.21480.14818.exe, Detection: malicious, Browse
                                                                                                    • Filename: HDKuOe.exe, Detection: malicious, Browse
                                                                                                    • Filename: HDKuOe.exe, Detection: malicious, Browse
                                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                                    • Filename: 5GOuTtZoQn.exe, Detection: malicious, Browse
                                                                                                    • Filename: SecuriteInfo.com.W32.Trojan.FWF.gen.Eldorado.15788.4670.exe, Detection: malicious, Browse
                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                    Entropy (8bit):7.956628662728476
                                                                                                    TrID:
                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                    File name:PmsbthDWFX.exe
                                                                                                    File size:686'736 bytes
                                                                                                    MD5:ebf5b897e0e4b90143764fc39e0c5a21
                                                                                                    SHA1:244eb29a512f1cc980bcfdc3bda2c62e1954c6d7
                                                                                                    SHA256:b53390dba0e0c227341f3c688be3aef91455c4f926e6527af6ce1e4acf74a7b3
                                                                                                    SHA512:94eaf96b9bb79b78cba358eb8613ff31c10cc820e54fa5a53f7da5287da7e6cb8eb73a7a4503c8714745c6715c42066f033ef059defaf700843644ea53eb7133
                                                                                                    SSDEEP:12288:iy+D6QW+bxrvwL/4eJIGrqrggPFvg8FaFARFjMCoU41WHBUbIU82wuLpVGee6Jb5:L+mkbFU4eL9gPC84FGFjMCr4EHBUsUz5
                                                                                                    TLSH:25E4233BA781F785DBDDD53068ED1B3A92B0E90145142FDB33309A7E65A13D28A483CB
                                                                                                    Icon Hash:1769d6a28a44310f
                                                                                                    Entrypoint:0x4030fb
                                                                                                    Entrypoint Section:.text
                                                                                                    Digitally signed:true
                                                                                                    Imagebase:0x400000
                                                                                                    Subsystem:windows gui
                                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                    DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                    Time Stamp:0x56FF3A65 [Sat Apr 2 03:20:05 2016 UTC]
                                                                                                    TLS Callbacks:
                                                                                                    CLR (.Net) Version:
                                                                                                    OS Version Major:4
                                                                                                    OS Version Minor:0
                                                                                                    File Version Major:4
                                                                                                    File Version Minor:0
                                                                                                    Subsystem Version Major:4
                                                                                                    Subsystem Version Minor:0
                                                                                                    Import Hash:b76363e9cb88bf9390860da8e50999d2
                                                                                                    Signature Valid:true
                                                                                                    Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                                                    Signature Validation Error:The operation completed successfully
                                                                                                    Error Number:0
Not Before:14/04/2023 02:00:00
Not After:14/04/2026 01:59:59
                                                                                                    Subject Chain
                                                                                                    • CN=F.lux Software LLC, O=F.lux Software LLC, S=California, C=US
                                                                                                    Version:3
                                                                                                    Thumbprint MD5:DC1410155558E42577FE6480E8059FB9
                                                                                                    Thumbprint SHA-1:D849624D69430B980001D7BCB6C85F582F0B278F
                                                                                                    Thumbprint SHA-256:758B20089F6E89580EE731195ED8931ED27653B55CD9282A638107863F9C0202
                                                                                                    Serial:1E76077152583A372C338AF11A6ECF83
                                                                                                    Instruction
                                                                                                    sub esp, 00000184h
                                                                                                    push ebx
                                                                                                    push ebp
                                                                                                    push esi
                                                                                                    push edi
                                                                                                    xor ebx, ebx
                                                                                                    push 00008001h
                                                                                                    mov dword ptr [esp+20h], ebx
                                                                                                    mov dword ptr [esp+14h], 00409168h
                                                                                                    mov dword ptr [esp+1Ch], ebx
                                                                                                    mov byte ptr [esp+18h], 00000020h
                                                                                                    call dword ptr [004070B0h]
                                                                                                    call dword ptr [004070ACh]
                                                                                                    cmp ax, 00000006h
                                                                                                    je 00007F36BD23AD93h
                                                                                                    push ebx
                                                                                                    call 00007F36BD23DB74h
                                                                                                    cmp eax, ebx
                                                                                                    je 00007F36BD23AD89h
                                                                                                    push 00000C00h
                                                                                                    call eax
                                                                                                    mov esi, 00407280h
                                                                                                    push esi
                                                                                                    call 00007F36BD23DAF0h
                                                                                                    push esi
                                                                                                    call dword ptr [00407108h]
                                                                                                    lea esi, dword ptr [esi+eax+01h]
                                                                                                    cmp byte ptr [esi], bl
                                                                                                    jne 00007F36BD23AD6Dh
                                                                                                    push 0000000Dh
                                                                                                    call 00007F36BD23DB48h
                                                                                                    push 0000000Bh
                                                                                                    call 00007F36BD23DB41h
                                                                                                    mov dword ptr [00423F44h], eax
                                                                                                    call dword ptr [00407038h]
                                                                                                    push ebx
                                                                                                    call dword ptr [0040726Ch]
                                                                                                    mov dword ptr [00423FF8h], eax
                                                                                                    push ebx
                                                                                                    lea eax, dword ptr [esp+38h]
                                                                                                    push 00000160h
                                                                                                    push eax
                                                                                                    push ebx
                                                                                                    push 0041F4F0h
                                                                                                    call dword ptr [0040715Ch]
                                                                                                    push 0040915Ch
                                                                                                    push 00423740h
                                                                                                    call 00007F36BD23D774h
                                                                                                    call dword ptr [0040710Ch]
                                                                                                    mov ebp, 0042A000h
                                                                                                    push eax
                                                                                                    push ebp
                                                                                                    call 00007F36BD23D762h
                                                                                                    push ebx
                                                                                                    call dword ptr [00407144h]
                                                                                                    Programming Language:
                                                                                                    • [EXP] VC++ 6.0 SP5 build 8804

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7418 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x34000 | 0x5950 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0xa2218 | 0x5878 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x27c | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x5aeb | 0x5c00 | c8acf839f47203d12ad6cec446c57975 | False | 0.6651239809782609 | data | 6.42230569414204 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x7000 | 0x1196 | 0x1200 | 94f06cebbbcced874aa75b26d73e8db1 | False | 0.458984375 | data | 5.202917366589074 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x9000 | 0x1b038 | 0x600 | 87bf5d11434348ef3f172e2ab24257ce | False | 0.4322916666666667 | data | 4.047511829596067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x25000 | 0xf000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x34000 | 0x5950 | 0x5a00 | ac69b3f683e9c837b192dede604aaa38 | False | 0.3758680555555556 | data | 5.430453889051704 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x34310 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.30684647302904566 |
| RT_ICON | 0x368b8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.40361163227016883 |
| RT_ICON | 0x37960 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.5248194945848376 |
| RT_ICON | 0x38208 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.7203757225433526 |
| RT_ICON | 0x38770 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.6843971631205674 |
| RT_ICON | 0x38bd8 | 0x2e8 | data | English | United States | 0.020161290322580645 |
| RT_ICON | 0x38ec0 | 0x128 | data | English | United States | 0.04391891891891892 |
| RT_DIALOG | 0x38fe8 | 0xb4 | data | English | United States | 0.6111111111111112 |
| RT_DIALOG | 0x390a0 | 0x202 | data | English | United States | 0.4085603112840467 |
| RT_DIALOG | 0x392a8 | 0xf8 | data | English | United States | 0.6290322580645161 |
| RT_DIALOG | 0x393a0 | 0xa0 | data | English | United States | 0.60625 |
| RT_DIALOG | 0x39440 | 0xee | data | English | United States | 0.6260504201680672 |
| RT_GROUP_ICON | 0x39530 | 0x68 | data | English | United States | 0.7403846153846154 |
| RT_MANIFEST | 0x39598 | 0x3b3 | XML 1.0 document, ASCII text, with very long lines (947), with no line terminators | English | United States | 0.5195353748680043 |

| DLL | Import |
|---|---|
| KERNEL32.dll | GetTickCount, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, SetFileAttributesA, CompareFileTime, SearchPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, GetTempPathA, Sleep, lstrcmpiA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrcatA, GetSystemDirectoryA, WaitForSingleObject, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, lstrlenA, GetCommandLineA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, MultiByteToWideChar, LoadLibraryExA, GetModuleHandleA, FreeLibrary |
| USER32.dll | SetCursor, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, EndDialog, ScreenToClient, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, GetWindowLongA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, SetTimer, PostQuitMessage, SetWindowLongA, SendMessageTimeoutA, LoadImageA, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, CreateDialogParamA, DestroyWindow, ShowWindow, SetWindowTextA |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA, ShellExecuteA |
| ADVAPI32.dll | RegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
| COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 15, 2025 16:26:55.383336067 CET | 50530 | 53 | 192.168.2.5 | 1.1.1.1 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 15, 2025 16:26:55.383336067 CET | 192.168.2.5 | 1.1.1.1 | 0xf766 | Standard query (0) | api.msn.com | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 15, 2025 16:26:45.251797915 CET | 1.1.1.1 | 192.168.2.5 | 0xb20e | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
| Jan 15, 2025 16:26:45.251797915 CET | 1.1.1.1 | 192.168.2.5 | 0xb20e | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
| Jan 15, 2025 16:26:55.390292883 CET | 1.1.1.1 | 192.168.2.5 | 0xf766 | No error (0) | api.msn.com | api-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Jan 15, 2025 16:27:46.523827076 CET | 1.1.1.1 | 192.168.2.5 | 0x5698 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
| Jan 15, 2025 16:27:46.523827076 CET | 1.1.1.1 | 192.168.2.5 | 0x5698 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |


                                                                                                    Target ID:0
                                                                                                    Start time:10:26:26
                                                                                                    Start date:15/01/2025
                                                                                                    Path:C:\Users\user\Desktop\PmsbthDWFX.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\Desktop\PmsbthDWFX.exe"
                                                                                                    Imagebase:0x400000
                                                                                                    File size:686'736 bytes
                                                                                                    MD5 hash:EBF5B897E0E4B90143764FC39E0C5A21
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    Target ID:2
                                                                                                    Start time:10:26:31
                                                                                                    Start date:15/01/2025
                                                                                                    Path:C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma
                                                                                                    Imagebase:0xf60000
                                                                                                    File size:1'528'952 bytes
                                                                                                    MD5 hash:036B38DD2F7D5991117CCE7C9FC2FE8B
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Antivirus matches:
                                                                                                    • Detection: 0%, ReversingLabs
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    Target ID:3
                                                                                                    Start time:10:26:42
                                                                                                    Start date:15/01/2025
                                                                                                    Path:C:\Windows\System32\LogonUI.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"LogonUI.exe" /flags:0x4 /state0:0xa3f8a055 /state1:0x41c64e6d
                                                                                                    Imagebase:0x7ff63a300000
                                                                                                    File size:13'824 bytes
                                                                                                    MD5 hash:893144FE49AA16124B5BD3034E79BBC6
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:moderate
                                                                                                    Has exited:true

                                                                                                    Target ID:9
                                                                                                    Start time:10:26:44
                                                                                                    Start date:15/01/2025
                                                                                                    Path:C:\Windows\System32\cdd.dll
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:
                                                                                                    Imagebase:0x7ff7e52b0000
                                                                                                    File size:267'264 bytes
                                                                                                    MD5 hash:9B684213A399B4E286982BDAD6CF3D07
                                                                                                    Has elevated privileges:
                                                                                                    Has administrator privileges:
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:moderate
                                                                                                    Has exited:false

                                                                                                    Target ID:10
                                                                                                    Start time:10:26:44
                                                                                                    Start date:15/01/2025
                                                                                                    Path:C:\Windows\System32\fontdrvhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"fontdrvhost.exe"
                                                                                                    Imagebase:0x7ff7b5950000
                                                                                                    File size:827'408 bytes
                                                                                                    MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:moderate
                                                                                                    Has exited:true

                                                                                                    Target ID:11
                                                                                                    Start time:10:26:44
                                                                                                    Start date:15/01/2025
                                                                                                    Path:C:\Windows\System32\LogonUI.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"LogonUI.exe" /flags:0x2 /state0:0xa3f96055 /state1:0x41c64e6d
                                                                                                    Imagebase:0x7ff63a300000
                                                                                                    File size:13'824 bytes
                                                                                                    MD5 hash:893144FE49AA16124B5BD3034E79BBC6
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:moderate
                                                                                                    Has exited:true

                                                                                                    Target ID:19
                                                                                                    Start time:10:26:46
                                                                                                    Start date:15/01/2025
                                                                                                    Path:C:\Windows\System32\cdd.dll
                                                                                                    Wow64 process (32bit):
                                                                                                    Commandline:
                                                                                                    Imagebase:
                                                                                                    File size:267'264 bytes
                                                                                                    MD5 hash:9B684213A399B4E286982BDAD6CF3D07
                                                                                                    Has elevated privileges:
                                                                                                    Has administrator privileges:
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:moderate
                                                                                                    Has exited:false

                                                                                                    Target ID:20
                                                                                                    Start time:10:26:46
                                                                                                    Start date:15/01/2025
                                                                                                    Path:C:\Windows\System32\LogonUI.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"LogonUI.exe" /flags:0x2 /state0:0xa3f9e855 /state1:0x41c64e6d
                                                                                                    Imagebase:0x7ff6d64d0000
                                                                                                    File size:13'824 bytes
                                                                                                    MD5 hash:893144FE49AA16124B5BD3034E79BBC6
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:moderate
                                                                                                    Has exited:true

                                                                                                    Target ID:22
                                                                                                    Start time:10:26:46
                                                                                                    Start date:15/01/2025
                                                                                                    Path:C:\Windows\System32\fontdrvhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"fontdrvhost.exe"
                                                                                                    Imagebase:0x7ff7b5950000
                                                                                                    File size:827'408 bytes
                                                                                                    MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:moderate
                                                                                                    Has exited:true

                                                                                                    Target ID:26
                                                                                                    Start time:10:26:49
                                                                                                    Start date:15/01/2025
                                                                                                    Path:C:\Windows\System32\cdd.dll
                                                                                                    Wow64 process (32bit):
                                                                                                    Commandline:
                                                                                                    Imagebase:
                                                                                                    File size:267'264 bytes
                                                                                                    MD5 hash:9B684213A399B4E286982BDAD6CF3D07
                                                                                                    Has elevated privileges:
                                                                                                    Has administrator privileges:
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:false

                                                                                                    Target ID:27
                                                                                                    Start time:10:26:49
                                                                                                    Start date:15/01/2025
                                                                                                    Path:C:\Windows\System32\LogonUI.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"LogonUI.exe" /flags:0x2 /state0:0xa3fae055 /state1:0x41c64e6d
                                                                                                    Imagebase:0x7ff63a300000
                                                                                                    File size:13'824 bytes
                                                                                                    MD5 hash:893144FE49AA16124B5BD3034E79BBC6
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:29
                                                                                                    Start time:10:26:49
                                                                                                    Start date:15/01/2025
                                                                                                    Path:C:\Windows\System32\fontdrvhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"fontdrvhost.exe"
                                                                                                    Imagebase:0x7ff7b5950000
                                                                                                    File size:827'408 bytes
                                                                                                    MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:33
                                                                                                    Start time:10:26:50
                                                                                                    Start date:15/01/2025
                                                                                                    Path:C:\Windows\System32\cdd.dll
                                                                                                    Wow64 process (32bit):
                                                                                                    Commandline:
                                                                                                    Imagebase:
                                                                                                    File size:267'264 bytes
                                                                                                    MD5 hash:9B684213A399B4E286982BDAD6CF3D07
                                                                                                    Has elevated privileges:
                                                                                                    Has administrator privileges:
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:false

                                                                                                    Target ID:34
                                                                                                    Start time:10:26:51
                                                                                                    Start date:15/01/2025
                                                                                                    Path:C:\Windows\System32\fontdrvhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"fontdrvhost.exe"
                                                                                                    Imagebase:0x7ff7b5950000
                                                                                                    File size:827'408 bytes
                                                                                                    MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:35
                                                                                                    Start time:10:26:51
                                                                                                    Start date:15/01/2025
                                                                                                    Path:C:\Windows\System32\LogonUI.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"LogonUI.exe" /flags:0x2 /state0:0xa3fb5855 /state1:0x41c64e6d
                                                                                                    Imagebase:0x7ff63a300000
                                                                                                    File size:13'824 bytes
                                                                                                    MD5 hash:893144FE49AA16124B5BD3034E79BBC6
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true


                                                                                                      Execution Graph

                                                                                                      Execution Coverage:21.7%
                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                      Signature Coverage:24.7%
                                                                                                      Total number of Nodes:1379
                                                                                                      Total number of Limit Nodes:40
403939 3907 405bba 18 API calls 3906->3907 3908 403945 SetWindowTextA 3907->3908 3909 403961 3908->3909 3910 403666 3908->3910 3909->3910 3911 405bba 18 API calls 3909->3911 3910->3828 3911->3909 3912->3824 3913->3830 3914->3906 3916 403564 3915->3916 3917 40352e 3916->3917 3918 403569 FreeLibrary GlobalFree 3916->3918 3917->3879 3918->3917 3918->3918 4371 4014fe 4372 401506 4371->4372 4374 401519 4371->4374 4373 402a0c 18 API calls 4372->4373 4373->4374 4375 4025ff 4376 402606 4375->4376 4377 40286b 4375->4377 4378 402a0c 18 API calls 4376->4378 4379 402611 4378->4379 4380 402618 SetFilePointer 4379->4380 4380->4377 4381 402628 4380->4381 4383 405af6 wsprintfA 4381->4383 4383->4377 4384 401000 4385 401037 BeginPaint GetClientRect 4384->4385 4386 40100c DefWindowProcA 4384->4386 4388 4010f3 4385->4388 4389 401179 4386->4389 4390 401073 CreateBrushIndirect FillRect DeleteObject 4388->4390 4391 4010fc 4388->4391 4390->4388 4392 401102 CreateFontIndirectA 4391->4392 4393 401167 EndPaint 4391->4393 4392->4393 4394 401112 6 API calls 4392->4394 4393->4389 4394->4393 3097 403981 3098 403ad4 3097->3098 3099 403999 3097->3099 3101 403b25 3098->3101 3102 403ae5 GetDlgItem GetDlgItem 3098->3102 3099->3098 3100 4039a5 3099->3100 3105 4039b0 SetWindowPos 3100->3105 3106 4039c3 3100->3106 3104 403b7f 3101->3104 3114 401389 2 API calls 3101->3114 3103 403e54 19 API calls 3102->3103 3109 403b0f SetClassLongA 3103->3109 3127 403acf 3104->3127 3167 403ea0 3104->3167 3105->3106 3107 4039e0 3106->3107 3108 4039c8 ShowWindow 3106->3108 3111 403a02 3107->3111 3112 4039e8 DestroyWindow 3107->3112 3108->3107 3113 40140b 2 API calls 3109->3113 3115 403a07 SetWindowLongA 3111->3115 3116 403a18 3111->3116 3166 403ddd 3112->3166 3113->3101 3117 403b57 3114->3117 3115->3127 3119 403ac1 3116->3119 3120 403a24 GetDlgItem 3116->3120 3117->3104 3121 403b5b SendMessageA 3117->3121 3118 403ddf DestroyWindow EndDialog 3118->3166 3204 403ebb 3119->3204 3123 403a37 SendMessageA IsWindowEnabled 
3120->3123 3130 403a54 3120->3130 3121->3127 3122 40140b 2 API calls 3156 403b91 3122->3156 3123->3127 3123->3130 3125 403e0e ShowWindow 3125->3127 3128 403a59 3201 403e2d 3128->3201 3129 403a61 3129->3128 3133 403aa8 SendMessageA 3129->3133 3130->3128 3130->3129 3130->3133 3134 403a74 3130->3134 3132 403e54 19 API calls 3132->3156 3133->3119 3136 403a91 3134->3136 3137 403a7c 3134->3137 3135 403a8f 3135->3119 3139 40140b 2 API calls 3136->3139 3198 40140b 3137->3198 3140 403a98 3139->3140 3140->3119 3140->3128 3142 403c0c GetDlgItem 3143 403c21 3142->3143 3144 403c29 ShowWindow KiUserCallbackDispatcher 3142->3144 3143->3144 3191 403e76 KiUserCallbackDispatcher 3144->3191 3146 403c53 KiUserCallbackDispatcher 3149 403c67 3146->3149 3147 403c6c GetSystemMenu EnableMenuItem SendMessageA 3148 403c9c SendMessageA 3147->3148 3147->3149 3148->3149 3149->3147 3192 403e89 SendMessageA 3149->3192 3193 405b98 lstrcpynA 3149->3193 3152 403cca lstrlenA 3153 405bba 18 API calls 3152->3153 3154 403cdb SetWindowTextA 3153->3154 3194 401389 3154->3194 3156->3118 3156->3122 3156->3127 3156->3132 3157 403d1f DestroyWindow 3156->3157 3170 405bba 3156->3170 3188 403e54 3156->3188 3158 403d39 CreateDialogParamA 3157->3158 3157->3166 3159 403d6c 3158->3159 3158->3166 3160 403e54 19 API calls 3159->3160 3161 403d77 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3160->3161 3162 401389 2 API calls 3161->3162 3163 403dbd 3162->3163 3163->3127 3164 403dc5 ShowWindow 3163->3164 3165 403ea0 SendMessageA 3164->3165 3165->3166 3166->3125 3166->3127 3168 403eb8 3167->3168 3169 403ea9 SendMessageA 3167->3169 3168->3156 3169->3168 3186 405bc7 3170->3186 3171 405de1 3172 405df6 3171->3172 3234 405b98 lstrcpynA 3171->3234 3172->3156 3174 405c5f GetVersion 3174->3186 3175 405db8 lstrlenA 3175->3186 3178 405bba 10 API calls 3178->3175 3180 405cd7 GetSystemDirectoryA 3180->3186 3181 405cea GetWindowsDirectoryA 3181->3186 3183 405d1e SHGetSpecialFolderLocation 3183->3186 3187 405d36 
SHGetPathFromIDListA CoTaskMemFree 3183->3187 3184 405bba 10 API calls 3184->3186 3185 405d61 lstrcatA 3185->3186 3186->3171 3186->3174 3186->3175 3186->3178 3186->3180 3186->3181 3186->3183 3186->3184 3186->3185 3218 405a7f RegOpenKeyExA 3186->3218 3223 405dfa 3186->3223 3232 405af6 wsprintfA 3186->3232 3233 405b98 lstrcpynA 3186->3233 3187->3186 3189 405bba 18 API calls 3188->3189 3190 403e5f SetDlgItemTextA 3189->3190 3190->3142 3191->3146 3192->3149 3193->3152 3196 401390 3194->3196 3195 4013fe 3195->3156 3196->3195 3197 4013cb MulDiv SendMessageA 3196->3197 3197->3196 3199 401389 2 API calls 3198->3199 3200 401420 3199->3200 3200->3128 3202 403e34 3201->3202 3203 403e3a SendMessageA 3201->3203 3202->3203 3203->3135 3205 403ed3 GetWindowLongA 3204->3205 3215 403f5c 3204->3215 3206 403ee4 3205->3206 3205->3215 3207 403ef3 GetSysColor 3206->3207 3208 403ef6 3206->3208 3207->3208 3209 403f06 SetBkMode 3208->3209 3210 403efc SetTextColor 3208->3210 3211 403f24 3209->3211 3212 403f1e GetSysColor 3209->3212 3210->3209 3213 403f35 3211->3213 3214 403f2b SetBkColor 3211->3214 3212->3211 3213->3215 3216 403f48 DeleteObject 3213->3216 3217 403f4f CreateBrushIndirect 3213->3217 3214->3213 3215->3127 3216->3217 3217->3215 3219 405af0 3218->3219 3220 405ab2 RegQueryValueExA 3218->3220 3219->3186 3221 405ad3 RegCloseKey 3220->3221 3221->3219 3230 405e06 3223->3230 3224 405e72 CharPrevA 3227 405e6e 3224->3227 3225 405e63 CharNextA 3225->3227 3225->3230 3227->3224 3228 405e8d 3227->3228 3228->3186 3229 405e51 CharNextA 3229->3230 3230->3225 3230->3227 3230->3229 3231 405e5e CharNextA 3230->3231 3235 4056b6 3230->3235 3231->3225 3232->3186 3233->3186 3234->3172 3236 4056bc 3235->3236 3237 4056cf 3236->3237 3238 4056c2 CharNextA 3236->3238 3237->3230 3238->3236 4395 401b02 4396 402a29 18 API calls 4395->4396 4397 401b09 4396->4397 4398 402a0c 18 API calls 4397->4398 4399 401b12 wsprintfA 4398->4399 4400 4028be 4399->4400 4401 401a03 4402 402a29 18 API calls 4401->4402 4403 
401a0c ExpandEnvironmentStringsA 4402->4403 4404 401a20 4403->4404 4406 401a33 4403->4406 4405 401a25 lstrcmpA 4404->4405 4404->4406 4405->4406 3334 401f84 3335 401f96 3334->3335 3336 402045 3334->3336 3352 402a29 3335->3352 3339 401423 25 API calls 3336->3339 3344 40219c 3339->3344 3340 402a29 18 API calls 3341 401fa6 3340->3341 3342 401fbb LoadLibraryExA 3341->3342 3343 401fae GetModuleHandleA 3341->3343 3342->3336 3345 401fcb GetProcAddress 3342->3345 3343->3342 3343->3345 3346 402018 3345->3346 3347 401fdb 3345->3347 3348 404e84 25 API calls 3346->3348 3349 401feb 3347->3349 3358 401423 3347->3358 3348->3349 3349->3344 3351 402039 FreeLibrary 3349->3351 3351->3344 3353 402a35 3352->3353 3354 405bba 18 API calls 3353->3354 3355 402a56 3354->3355 3356 401f9d 3355->3356 3357 405dfa 5 API calls 3355->3357 3356->3340 3357->3356 3359 404e84 25 API calls 3358->3359 3360 401431 3359->3360 3360->3349 4421 401c8a 4422 402a0c 18 API calls 4421->4422 4423 401c90 IsWindow 4422->4423 4424 4019f3 4423->4424 3518 100010d0 GetVersionExA 3519 10001106 3518->3519 3532 100010fc 3518->3532 3520 10001122 LoadLibraryW 3519->3520 3521 1000110e 3519->3521 3522 1000113b GetProcAddress 3520->3522 3531 100011a5 3520->3531 3523 10001225 LoadLibraryA 3521->3523 3521->3532 3524 1000118e 3522->3524 3525 1000114e LocalAlloc 3522->3525 3526 1000123d GetProcAddress GetProcAddress GetProcAddress 3523->3526 3523->3532 3528 1000119a FreeLibrary 3524->3528 3527 10001189 3525->3527 3529 10001323 FreeLibrary 3526->3529 3541 1000126b 3526->3541 3527->3524 3530 1000115c NtQuerySystemInformation 3527->3530 3528->3531 3529->3532 3530->3528 3533 1000116f LocalFree 3530->3533 3531->3532 3534 100011c1 WideCharToMultiByte lstrcmpiA 3531->3534 3536 10001217 LocalFree 3531->3536 3537 100011f7 3531->3537 3533->3524 3535 10001180 LocalAlloc 3533->3535 3534->3531 3535->3527 3536->3532 3537->3531 3544 1000103f OpenProcess 3537->3544 3539 100012a2 lstrlenA 3539->3541 3540 1000131c CloseHandle 3540->3529 3541->3529 
3541->3539 3541->3540 3542 100012c4 lstrcpynA lstrcmpiA 3541->3542 3543 1000103f 8 API calls 3541->3543 3542->3541 3543->3541 3545 10001060 3544->3545 3546 100010cb 3544->3546 3547 1000106b EnumWindows 3545->3547 3548 100010ac TerminateProcess 3545->3548 3546->3537 3547->3548 3549 1000107f GetExitCodeProcess 3547->3549 3554 10001007 GetWindowThreadProcessId 3547->3554 3550 100010a7 3548->3550 3551 100010be CloseHandle 3548->3551 3549->3550 3552 1000108e 3549->3552 3550->3551 3551->3546 3552->3550 3553 10001097 WaitForSingleObject 3552->3553 3553->3548 3553->3550 3555 10001024 PostMessageA 3554->3555 3556 10001036 3554->3556 3555->3556 4425 401490 4426 404e84 25 API calls 4425->4426 4427 401497 4426->4427 4435 404292 4436 4042be 4435->4436 4437 4042cf 4435->4437 4496 40543d GetDlgItemTextA 4436->4496 4439 4042db GetDlgItem 4437->4439 4445 40433a 4437->4445 4441 4042ef 4439->4441 4440 4042c9 4443 405dfa 5 API calls 4440->4443 4444 404303 SetWindowTextA 4441->4444 4451 40571f 4 API calls 4441->4451 4442 40441e 4494 4045c8 4442->4494 4498 40543d GetDlgItemTextA 4442->4498 4443->4437 4447 403e54 19 API calls 4444->4447 4445->4442 4448 405bba 18 API calls 4445->4448 4445->4494 4452 40431f 4447->4452 4453 4043ae SHBrowseForFolderA 4448->4453 4449 40444e 4454 40576c 18 API calls 4449->4454 4450 403ebb 8 API calls 4455 4045dc 4450->4455 4456 4042f9 4451->4456 4457 403e54 19 API calls 4452->4457 4453->4442 4458 4043c6 CoTaskMemFree 4453->4458 4459 404454 4454->4459 4456->4444 4462 40568b 3 API calls 4456->4462 4460 40432d 4457->4460 4461 40568b 3 API calls 4458->4461 4499 405b98 lstrcpynA 4459->4499 4497 403e89 SendMessageA 4460->4497 4464 4043d3 4461->4464 4462->4444 4467 40440a SetDlgItemTextA 4464->4467 4471 405bba 18 API calls 4464->4471 4466 404333 4469 405f28 5 API calls 4466->4469 4467->4442 4468 40446b 4470 405f28 5 API calls 4468->4470 4469->4445 4478 404472 4470->4478 4472 4043f2 lstrcmpiA 4471->4472 4472->4467 4475 404403 lstrcatA 4472->4475 4473 4044ae 4500 
405b98 lstrcpynA 4473->4500 4475->4467 4476 4044b5 4477 40571f 4 API calls 4476->4477 4479 4044bb GetDiskFreeSpaceA 4477->4479 4478->4473 4481 4056d2 2 API calls 4478->4481 4483 404506 4478->4483 4482 4044df MulDiv 4479->4482 4479->4483 4481->4478 4482->4483 4484 404577 4483->4484 4485 40470e 21 API calls 4483->4485 4486 40459a 4484->4486 4488 40140b 2 API calls 4484->4488 4487 404564 4485->4487 4501 403e76 KiUserCallbackDispatcher 4486->4501 4490 404579 SetDlgItemTextA 4487->4490 4491 404569 4487->4491 4488->4486 4490->4484 4493 404649 21 API calls 4491->4493 4492 4045b6 4492->4494 4495 404227 SendMessageA 4492->4495 4493->4484 4494->4450 4495->4494 4496->4440 4497->4466 4498->4449 4499->4468 4500->4476 4501->4492 4502 401595 4503 402a29 18 API calls 4502->4503 4504 40159c SetFileAttributesA 4503->4504 4505 4015ae 4504->4505 4506 401717 4507 402a29 18 API calls 4506->4507 4508 40171e SearchPathA 4507->4508 4509 401739 4508->4509 4510 402899 SendMessageA 4511 4028b3 InvalidateRect 4510->4511 4512 4028be 4510->4512 4511->4512 4513 40229a 4514 402a29 18 API calls 4513->4514 4515 4022a8 4514->4515 4516 402a29 18 API calls 4515->4516 4517 4022b1 4516->4517 4518 402a29 18 API calls 4517->4518 4519 4022bb GetPrivateProfileStringA 4518->4519 3919 403f9c 3920 403fb2 3919->3920 3925 4040bf 3919->3925 3923 403e54 19 API calls 3920->3923 3921 40412e 3922 404202 3921->3922 3924 404138 GetDlgItem 3921->3924 3930 403ebb 8 API calls 3922->3930 3926 404008 3923->3926 3927 4041c0 3924->3927 3928 40414e 3924->3928 3925->3921 3925->3922 3929 404103 GetDlgItem SendMessageA 3925->3929 3931 403e54 19 API calls 3926->3931 3927->3922 3932 4041d2 3927->3932 3928->3927 3936 404174 6 API calls 3928->3936 3950 403e76 KiUserCallbackDispatcher 3929->3950 3934 4041fd 3930->3934 3935 404015 CheckDlgButton 3931->3935 3937 4041d8 SendMessageA 3932->3937 3938 4041e9 3932->3938 3948 403e76 KiUserCallbackDispatcher 3935->3948 3936->3927 3937->3938 3938->3934 3941 4041ef SendMessageA 3938->3941 3939 
404129 3951 404227 3939->3951 3941->3934 3943 404033 GetDlgItem 3949 403e89 SendMessageA 3943->3949 3945 404049 SendMessageA 3946 404070 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 3945->3946 3947 404067 GetSysColor 3945->3947 3946->3934 3947->3946 3948->3943 3949->3945 3950->3939 3952 404235 3951->3952 3953 40423a SendMessageA 3951->3953 3952->3953 3953->3921 4520 40149d 4521 402241 4520->4521 4522 4014ab PostQuitMessage 4520->4522 4522->4521 3307 401b23 3308 401b30 3307->3308 3309 401b74 3307->3309 3310 40222e 3308->3310 3316 401b47 3308->3316 3311 401b78 3309->3311 3312 401b9d GlobalAlloc 3309->3312 3314 405bba 18 API calls 3310->3314 3320 401bb8 3311->3320 3328 405b98 lstrcpynA 3311->3328 3313 405bba 18 API calls 3312->3313 3313->3320 3315 40223b 3314->3315 3329 405459 3315->3329 3326 405b98 lstrcpynA 3316->3326 3319 401b8a GlobalFree 3319->3320 3321 401b56 3327 405b98 lstrcpynA 3321->3327 3324 401b65 3333 405b98 lstrcpynA 3324->3333 3326->3321 3327->3324 3328->3319 3332 40546e 3329->3332 3330 4054ba 3330->3320 3331 405482 MessageBoxIndirectA 3331->3330 3332->3330 3332->3331 3333->3320 4530 10001363 4531 10001426 2 API calls 4530->4531 4532 1000138f 4531->4532 4533 100010d0 28 API calls 4532->4533 4534 10001399 4533->4534 4535 100014ba 3 API calls 4534->4535 4536 100013a2 4535->4536 4544 4021a5 4545 402a29 18 API calls 4544->4545 4546 4021ab 4545->4546 4547 402a29 18 API calls 4546->4547 4548 4021b4 4547->4548 4549 402a29 18 API calls 4548->4549 4550 4021bd 4549->4550 4551 405e93 2 API calls 4550->4551 4552 4021c6 4551->4552 4553 4021d7 lstrlenA lstrlenA 4552->4553 4554 4021ca 4552->4554 4556 404e84 25 API calls 4553->4556 4555 404e84 25 API calls 4554->4555 4558 4021d2 4554->4558 4555->4558 4557 402213 SHFileOperationA 4556->4557 4557->4554 4557->4558 4559 402227 4560 40222e 4559->4560 4564 402241 4559->4564 4561 405bba 18 API calls 4560->4561 4562 40223b 4561->4562 4563 405459 MessageBoxIndirectA 4562->4563 4563->4564 4565 401ca7 4566 402a0c 
18 API calls 4565->4566 4567 401cae 4566->4567 4568 402a0c 18 API calls 4567->4568 4569 401cb6 GetDlgItem 4568->4569 4570 4024eb 4569->4570 4571 4035a9 4572 4035b4 4571->4572 4573 4035b8 4572->4573 4574 4035bb GlobalAlloc 4572->4574 4574->4573 3391 40192a 3392 40192c 3391->3392 3393 402a29 18 API calls 3392->3393 3394 401931 3393->3394 3397 4054bd 3394->3397 3439 40576c 3397->3439 3400 4054f1 3404 405630 3400->3404 3453 405b98 lstrcpynA 3400->3453 3401 4054da DeleteFileA 3402 40193a 3401->3402 3404->3402 3488 405e93 FindFirstFileA 3404->3488 3405 40551b 3406 40552c 3405->3406 3407 40551f lstrcatA 3405->3407 3454 4056d2 lstrlenA 3406->3454 3408 405532 3407->3408 3411 405540 lstrcatA 3408->3411 3412 405537 3408->3412 3414 40554b lstrlenA FindFirstFileA 3411->3414 3412->3411 3412->3414 3416 405626 3414->3416 3436 40556f 3414->3436 3416->3404 3418 4056b6 CharNextA 3418->3436 3419 405850 2 API calls 3420 40565b RemoveDirectoryA 3419->3420 3421 405666 3420->3421 3422 40567d 3420->3422 3421->3402 3425 40566c 3421->3425 3426 404e84 25 API calls 3422->3426 3423 405605 FindNextFileA 3427 40561d FindClose 3423->3427 3423->3436 3428 404e84 25 API calls 3425->3428 3426->3402 3427->3416 3429 405674 3428->3429 3430 4058e6 40 API calls 3429->3430 3433 40567b 3430->3433 3432 4054bd 61 API calls 3432->3436 3433->3402 3435 404e84 25 API calls 3435->3423 3436->3418 3436->3423 3436->3432 3436->3435 3437 404e84 25 API calls 3436->3437 3458 405b98 lstrcpynA 3436->3458 3459 405850 GetFileAttributesA 3436->3459 3462 4058e6 3436->3462 3437->3436 3494 405b98 lstrcpynA 3439->3494 3441 40577d 3495 40571f CharNextA CharNextA 3441->3495 3444 4054d1 3444->3400 3444->3401 3445 405dfa 5 API calls 3450 405793 3445->3450 3446 4057be lstrlenA 3447 4057c9 3446->3447 3446->3450 3449 40568b 3 API calls 3447->3449 3448 405e93 2 API calls 3448->3450 3451 4057ce GetFileAttributesA 3449->3451 3450->3444 3450->3446 3450->3448 3452 4056d2 2 API calls 3450->3452 3451->3444 3452->3446 3453->3405 3455 4056df 
3454->3455 3456 4056f0 3455->3456 3457 4056e4 CharPrevA 3455->3457 3456->3408 3457->3455 3457->3456 3458->3436 3460 4055d2 DeleteFileA 3459->3460 3461 40585f SetFileAttributesA 3459->3461 3460->3436 3461->3460 3501 405f28 GetModuleHandleA 3462->3501 3465 40594e GetShortPathNameA 3467 405963 3465->3467 3468 405a43 3465->3468 3467->3468 3470 40596b wsprintfA 3467->3470 3468->3436 3469 405932 CloseHandle GetShortPathNameA 3469->3468 3471 405946 3469->3471 3472 405bba 18 API calls 3470->3472 3471->3465 3471->3468 3473 405993 3472->3473 3508 40586f GetFileAttributesA CreateFileA 3473->3508 3475 4059a0 3475->3468 3476 4059af GetFileSize GlobalAlloc 3475->3476 3477 405a3c CloseHandle 3476->3477 3478 4059cd ReadFile 3476->3478 3477->3468 3478->3477 3479 4059e1 3478->3479 3479->3477 3509 4057e4 lstrlenA 3479->3509 3482 405a50 3484 4057e4 4 API calls 3482->3484 3483 4059f6 3514 405b98 lstrcpynA 3483->3514 3486 405a04 3484->3486 3486->3486 3487 405a17 SetFilePointer WriteFile GlobalFree 3486->3487 3487->3477 3489 40564b 3488->3489 3490 405ea9 FindClose 3488->3490 3489->3402 3491 40568b lstrlenA CharPrevA 3489->3491 3490->3489 3492 405655 3491->3492 3493 4056a5 lstrcatA 3491->3493 3492->3419 3493->3492 3494->3441 3496 405739 3495->3496 3500 405745 3495->3500 3497 405740 CharNextA 3496->3497 3496->3500 3498 405762 3497->3498 3498->3444 3498->3445 3499 4056b6 CharNextA 3499->3500 3500->3498 3500->3499 3502 405f44 3501->3502 3503 405f4e GetProcAddress 3501->3503 3515 405eba GetSystemDirectoryA 3502->3515 3505 4058f1 3503->3505 3505->3465 3505->3468 3507 40586f GetFileAttributesA CreateFileA 3505->3507 3506 405f4a 3506->3503 3506->3505 3507->3469 3508->3475 3510 40581a lstrlenA 3509->3510 3511 405824 3510->3511 3512 4057f8 lstrcmpiA 3510->3512 3511->3482 3511->3483 3512->3511 3513 405811 CharNextA 3512->3513 3513->3510 3514->3486 3516 405edc wsprintfA LoadLibraryExA 3515->3516 3516->3506 4575 40262e 4576 4028be 4575->4576 4577 402635 4575->4577 4578 40263b FindClose 4577->4578 
4578->4576 4579 4026af 4580 402a29 18 API calls 4579->4580 4582 4026bd 4580->4582 4581 4026d3 4584 405850 2 API calls 4581->4584 4582->4581 4583 402a29 18 API calls 4582->4583 4583->4581 4585 4026d9 4584->4585 4605 40586f GetFileAttributesA CreateFileA 4585->4605 4587 4026e6 4588 4026f2 GlobalAlloc 4587->4588 4589 40278f 4587->4589 4590 402786 CloseHandle 4588->4590 4591 40270b 4588->4591 4592 402797 DeleteFileA 4589->4592 4593 4027aa 4589->4593 4590->4589 4606 4030b3 SetFilePointer 4591->4606 4592->4593 4595 402711 4596 403081 ReadFile 4595->4596 4597 40271a GlobalAlloc 4596->4597 4598 40272a 4597->4598 4599 40275e WriteFile GlobalFree 4597->4599 4601 402e8e 37 API calls 4598->4601 4600 402e8e 37 API calls 4599->4600 4602 402783 4600->4602 4604 402737 4601->4604 4602->4590 4603 402755 GlobalFree 4603->4599 4604->4603 4605->4587 4606->4595 4607 4027b0 4608 402a0c 18 API calls 4607->4608 4609 4027b6 4608->4609 4610 4027f1 4609->4610 4611 4027da 4609->4611 4616 40268f 4609->4616 4614 402807 4610->4614 4615 4027fb 4610->4615 4612 4027ee 4611->4612 4613 4027df 4611->4613 4612->4616 4622 405af6 wsprintfA 4612->4622 4621 405b98 lstrcpynA 4613->4621 4618 405bba 18 API calls 4614->4618 4617 402a0c 18 API calls 4615->4617 4617->4612 4618->4612 4621->4616 4622->4616 4623 401eb2 4624 402a29 18 API calls 4623->4624 4625 401eb9 4624->4625 4626 405e93 2 API calls 4625->4626 4627 401ebf 4626->4627 4629 401ed1 4627->4629 4630 405af6 wsprintfA 4627->4630 4630->4629 3630 4015b3 3631 402a29 18 API calls 3630->3631 3632 4015ba 3631->3632 3633 40571f 4 API calls 3632->3633 3646 4015c2 3633->3646 3634 40161c 3636 401621 3634->3636 3637 40164a 3634->3637 3635 4056b6 CharNextA 3635->3646 3638 401423 25 API calls 3636->3638 3640 401423 25 API calls 3637->3640 3639 401628 3638->3639 3657 405b98 lstrcpynA 3639->3657 3645 401642 3640->3645 3644 401633 SetCurrentDirectoryA 3644->3645 3646->3634 3646->3635 3647 401604 GetFileAttributesA 3646->3647 3649 4053e0 3646->3649 3652 405346 
CreateDirectoryA 3646->3652 3658 4053c3 CreateDirectoryA 3646->3658 3647->3646 3650 405f28 5 API calls 3649->3650 3651 4053e7 3650->3651 3651->3646 3653 405393 3652->3653 3654 405397 GetLastError 3652->3654 3653->3646 3654->3653 3655 4053a6 SetFileSecurityA 3654->3655 3655->3653 3656 4053bc GetLastError 3655->3656 3656->3653 3657->3644 3659 4053d3 3658->3659 3660 4053d7 GetLastError 3658->3660 3659->3646 3660->3659 4631 4016b3 4632 402a29 18 API calls 4631->4632 4633 4016b9 GetFullPathNameA 4632->4633 4636 4016d0 4633->4636 4640 4016f1 4633->4640 4634 401705 GetShortPathNameA 4635 4028be 4634->4635 4637 405e93 2 API calls 4636->4637 4636->4640 4638 4016e1 4637->4638 4638->4640 4641 405b98 lstrcpynA 4638->4641 4640->4634 4640->4635 4641->4640 4642 402336 4643 40233c 4642->4643 4644 402a29 18 API calls 4643->4644 4645 40234e 4644->4645 4646 402a29 18 API calls 4645->4646 4647 402358 RegCreateKeyExA 4646->4647 4648 402382 4647->4648 4649 4028be 4647->4649 4650 402a29 18 API calls 4648->4650 4652 40239a 4648->4652 4653 402393 lstrlenA 4650->4653 4651 4023a6 4655 4023c1 RegSetValueExA 4651->4655 4656 402e8e 37 API calls 4651->4656 4652->4651 4654 402a0c 18 API calls 4652->4654 4653->4652 4654->4651 4657 4023d7 RegCloseKey 4655->4657 4656->4655 4657->4649 4659 402836 4660 402a0c 18 API calls 4659->4660 4661 40283c 4660->4661 4662 40284a 4661->4662 4663 40286d 4661->4663 4665 40268f 4661->4665 4662->4665 4667 405af6 wsprintfA 4662->4667 4664 405bba 18 API calls 4663->4664 4663->4665 4664->4665 4667->4665 4668 4014b7 4669 4014bd 4668->4669 4670 401389 2 API calls 4669->4670 4671 4014c5 4670->4671 3661 401e38 3662 402a29 18 API calls 3661->3662 3663 401e3e 3662->3663 3664 404e84 25 API calls 3663->3664 3665 401e48 3664->3665 3677 4053f8 CreateProcessA 3665->3677 3667 401ea4 CloseHandle 3669 40268f 3667->3669 3668 401e6d WaitForSingleObject 3670 401e4e 3668->3670 3671 401e7b GetExitCodeProcess 3668->3671 3670->3667 3670->3668 3670->3669 3680 405f64 3670->3680 3673 401e98 
3671->3673 3674 401e8d 3671->3674 3673->3667 3676 401e96 3673->3676 3684 405af6 wsprintfA 3674->3684 3676->3667 3678 405433 3677->3678 3679 405427 CloseHandle 3677->3679 3678->3670 3679->3678 3681 405f81 PeekMessageA 3680->3681 3682 405f91 3681->3682 3683 405f77 DispatchMessageA 3681->3683 3682->3668 3683->3681 3684->3676 4672 401d38 GetDC GetDeviceCaps 4673 402a0c 18 API calls 4672->4673 4674 401d54 MulDiv 4673->4674 4675 402a0c 18 API calls 4674->4675 4676 401d69 4675->4676 4677 405bba 18 API calls 4676->4677 4678 401da2 CreateFontIndirectA 4677->4678 4679 4024eb 4678->4679 4687 402539 4688 402a0c 18 API calls 4687->4688 4689 402543 4688->4689 4690 402577 ReadFile 4689->4690 4691 4025bb 4689->4691 4692 4025cb 4689->4692 4695 4025b9 4689->4695 4690->4689 4690->4695 4696 405af6 wsprintfA 4691->4696 4694 4025e1 SetFilePointer 4692->4694 4692->4695 4694->4695 4696->4695 3954 40173e 3955 402a29 18 API calls 3954->3955 3956 401745 3955->3956 3957 40589e 2 API calls 3956->3957 3958 40174c 3957->3958 3959 40589e 2 API calls 3958->3959 3959->3958 4697 40193f 4698 402a29 18 API calls 4697->4698 4699 401946 lstrlenA 4698->4699 4700 4024eb 4699->4700

Control-flow Graph (legend: Executed / Not Executed)
APIs
• SetErrorMode.KERNELBASE ref: 00403121
• GetVersion.KERNEL32 ref: 00403127
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403150
• #17.COMCTL32(0000000B,0000000D), ref: 00403171
• OleInitialize.OLE32(00000000), ref: 00403178
• SHGetFileInfoA.SHELL32(0041F4F0,00000000,?,00000160,00000000), ref: 00403194
• GetCommandLineA.KERNEL32(f.lux Setup,NSIS Error), ref: 004031A9
• GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\PmsbthDWFX.exe",00000000), ref: 004031BC
• CharNextA.USER32(00000000,"C:\Users\user\Desktop\PmsbthDWFX.exe",00409168), ref: 004031E7
• GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040327E
• GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403293
• lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040329F
• DeleteFileA.KERNELBASE(1033), ref: 004032B6
  • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
  • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
• OleUninitialize.OLE32(00000020), ref: 00403337
• ExitProcess.KERNEL32 ref: 00403357
• lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\PmsbthDWFX.exe",00000000,00000020), ref: 0040336A
• lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\PmsbthDWFX.exe",00000000,00000020), ref: 00403379
• lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\PmsbthDWFX.exe",00000000,00000020), ref: 00403384
• lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop), ref: 00403390
• SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033AC
• DeleteFileA.KERNEL32(0041F0F0,0041F0F0,?,00425000,?), ref: 004033F6
• CopyFileA.KERNEL32(C:\Users\user\Desktop\PmsbthDWFX.exe,0041F0F0,00000001), ref: 0040340A
• CloseHandle.KERNEL32(00000000,0041F0F0,0041F0F0,?,0041F0F0,00000000), ref: 00403437
• GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 00403490
• ExitWindowsEx.USER32(00000002,80040002), ref: 004034E8
• ExitProcess.KERNEL32 ref: 0040350B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Filelstrcat$ExitHandleProcess$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpilstrlen
                                                                                                      • String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\PmsbthDWFX.exe"$.tmp$1033$C:\Users\user\AppData\Local\FluxSoftware\Flux$C:\Users\user\AppData\Local\FluxSoftware\Flux\runtime$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\PmsbthDWFX.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$UXTHEME$\Temp$f.lux Setup$~nsu
                                                                                                      • API String ID: 3469842172-1902088498

                                                                                                      Control-flow Graph (function 404fc2; legend: Executed / Not Executed)
                                                                                                      APIs
                                                                                                      • GetDlgItem.USER32(?,00000403), ref: 00405021
                                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 00405030
                                                                                                      • GetClientRect.USER32(?,?), ref: 0040506D
                                                                                                      • GetSystemMetrics.USER32(00000015), ref: 00405075
                                                                                                      • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00405096
                                                                                                      • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004050A7
                                                                                                      • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 004050BA
                                                                                                      • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 004050C8
                                                                                                      • SendMessageA.USER32(?,00001024,00000000,?), ref: 004050DB
                                                                                                      • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004050FD
                                                                                                      • ShowWindow.USER32(?,00000008), ref: 00405111
                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 00405132
                                                                                                      • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405142
                                                                                                      • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040515B
                                                                                                      • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 00405167
                                                                                                      • GetDlgItem.USER32(?,000003F8), ref: 0040503F
                                                                                                        • Part of subcall function 00403E89: SendMessageA.USER32(00000028,?,00000001,00403CBA), ref: 00403E97
                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 00405184
                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,Function_00004F56,00000000), ref: 00405192
                                                                                                      • CloseHandle.KERNELBASE(00000000), ref: 00405199
                                                                                                      • ShowWindow.USER32(00000000), ref: 004051BD
                                                                                                      • ShowWindow.USER32(00030498,00000008), ref: 004051C2
                                                                                                      • ShowWindow.USER32(00000008), ref: 00405209
                                                                                                      • SendMessageA.USER32(00030498,00001004,00000000,00000000), ref: 0040523B
                                                                                                      • CreatePopupMenu.USER32 ref: 0040524C
                                                                                                      • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405261
                                                                                                      • GetWindowRect.USER32(00030498,?), ref: 00405274
                                                                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405298
                                                                                                      • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004052D3
                                                                                                      • OpenClipboard.USER32(00000000), ref: 004052E3
                                                                                                      • EmptyClipboard.USER32 ref: 004052E9
                                                                                                      • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004052F2
                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 004052FC
                                                                                                      • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405310
                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00405328
                                                                                                      • SetClipboardData.USER32(00000001,00000000), ref: 00405333
                                                                                                      • CloseClipboard.USER32 ref: 00405339
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                      • String ID: {
                                                                                                      • API String ID: 590372296-366298937

                                                                                                      Control-flow Graph (function 100010d0; legend: Executed / Not Executed)
                                                                                                      APIs
                                                                                                      • GetVersionExA.KERNEL32(?), ref: 100010F2
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2235680240.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2235664032.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                                                                      • Associated: 00000000.00000002.2235694021.0000000010002000.00000002.00000001.01000000.00000006.sdmp
                                                                                                      • Associated: 00000000.00000002.2235733978.0000000010004000.00000002.00000001.01000000.00000006.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_10000000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Version
                                                                                                      • String ID: CreateToolhelp32Snapshot$KERNEL32.DLL$NTDLL.DLL$NtQuerySystemInformation$Process32First$Process32Next
                                                                                                      • API String ID: 1889659487-877962304

                                                                                                      Control-flow Graph (function 4054bd; legend: Executed / Not Executed)
                                                                                                      APIs
                                                                                                      • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,?), ref: 004054DB
                                                                                                      • lstrcatA.KERNEL32(00421540,\*.*,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405525
                                                                                                      • lstrcatA.KERNEL32(?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405546
                                                                                                      • lstrlenA.KERNEL32(?,?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040554C
                                                                                                      • FindFirstFileA.KERNEL32(00421540,?,?,?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040555D
                                                                                                      • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 0040560F
                                                                                                      • FindClose.KERNEL32(?), ref: 00405620
                                                                                                      Strings
                                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004054C7
                                                                                                      • \*.*, xrefs: 0040551F
                                                                                                      • "C:\Users\user\Desktop\PmsbthDWFX.exe", xrefs: 004054BD
                                                                                                      Similarity
                                                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                      • String ID: "C:\Users\user\Desktop\PmsbthDWFX.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                      • API String ID: 2035342205-93492804
                                                                                                      APIs
                                                                                                      • FindFirstFileA.KERNELBASE(?,00422588,00421940,004057AF,00421940,00421940,00000000,00421940,00421940,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405E9E
                                                                                                      • FindClose.KERNEL32(00000000), ref: 00405EAA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                      • String ID:
                                                                                                      • API String ID: 2295610775-0

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039BD
                                                                                                      • ShowWindow.USER32(?), ref: 004039DA
                                                                                                      • DestroyWindow.USER32 ref: 004039EE
                                                                                                      • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403A0A
                                                                                                      • GetDlgItem.USER32(?,?), ref: 00403A2B
                                                                                                      • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A3F
                                                                                                      • IsWindowEnabled.USER32(00000000), ref: 00403A46
                                                                                                      • GetDlgItem.USER32(?,00000001), ref: 00403AF4
                                                                                                      • GetDlgItem.USER32(?,00000002), ref: 00403AFE
                                                                                                      • SetClassLongA.USER32(?,000000F2,?), ref: 00403B18
                                                                                                      • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B69
                                                                                                      • GetDlgItem.USER32(?,00000003), ref: 00403C0F
                                                                                                      • ShowWindow.USER32(00000000,?), ref: 00403C30
                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403C42
                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403C5D
                                                                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403C73
                                                                                                      • EnableMenuItem.USER32(00000000), ref: 00403C7A
                                                                                                      • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403C92
                                                                                                      • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403CA5
                                                                                                      • lstrlenA.KERNEL32(00420538,?,00420538,f.lux Setup), ref: 00403CCE
                                                                                                      • SetWindowTextA.USER32(?,00420538), ref: 00403CDD
                                                                                                      • ShowWindow.USER32(?,0000000A), ref: 00403E11
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: Window$Item$MessageSend$Show$CallbackDispatcherLongMenuUser$ClassDestroyEnableEnabledSystemTextlstrlen
                                                                                                      • String ID: f.lux Setup
                                                                                                      • API String ID: 1252290697-641738467

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                        • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                                                                        • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                                                                      • lstrcatA.KERNEL32(1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\PmsbthDWFX.exe",00000000), ref: 0040365C
                                                                                                      • lstrlenA.KERNEL32(Execute: ,?,?,?,Execute: ,00000000,C:\Users\user\AppData\Local\FluxSoftware\Flux,1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 004036D1
                                                                                                      • lstrcmpiA.KERNEL32(?,.exe), ref: 004036E4
                                                                                                      • GetFileAttributesA.KERNEL32(Execute: ), ref: 004036EF
                                                                                                      • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\FluxSoftware\Flux), ref: 00403738
                                                                                                        • Part of subcall function 00405AF6: wsprintfA.USER32 ref: 00405B03
                                                                                                      • RegisterClassA.USER32 ref: 0040377F
                                                                                                      • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 00403797
                                                                                                      • CreateWindowExA.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 004037D0
                                                                                                      • ShowWindow.USER32(00000005,00000000), ref: 00403806
                                                                                                      • GetClassInfoA.USER32(00000000,RichEdit20A,004236E0), ref: 00403832
                                                                                                      • GetClassInfoA.USER32(00000000,RichEdit,004236E0), ref: 0040383F
                                                                                                      • RegisterClassA.USER32(004236E0), ref: 00403848
                                                                                                      • DialogBoxParamA.USER32(?,00000000,00403981,00000000), ref: 00403867
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                      • String ID: "C:\Users\user\Desktop\PmsbthDWFX.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\FluxSoftware\Flux$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Execute: $RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$6B
                                                                                                      • API String ID: 1975747703-3251148082

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404027
                                                                                                      • GetDlgItem.USER32(00000000,000003E8), ref: 0040403B
                                                                                                      • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404059
                                                                                                      • GetSysColor.USER32(?), ref: 0040406A
                                                                                                      • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404079
                                                                                                      • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404088
                                                                                                      • lstrlenA.KERNEL32(?), ref: 00404092
                                                                                                      • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004040A0
                                                                                                      • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004040AF
                                                                                                      • GetDlgItem.USER32(?,0000040A), ref: 00404112
                                                                                                      • SendMessageA.USER32(00000000), ref: 00404115
                                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 00404140
                                                                                                      • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404180
                                                                                                      • LoadCursorA.USER32(00000000,00007F02), ref: 0040418F
                                                                                                      • SetCursor.USER32(00000000), ref: 00404198
                                                                                                      • ShellExecuteA.SHELL32(0000070B,open,.B,00000000,00000000,00000001), ref: 004041AB
                                                                                                      • LoadCursorA.USER32(00000000,00007F00), ref: 004041B8
                                                                                                      • SetCursor.USER32(00000000), ref: 004041BB
                                                                                                      • SendMessageA.USER32(00000111,00000001,00000000), ref: 004041E7
                                                                                                      • SendMessageA.USER32(00000010,00000000,00000000), ref: 004041FB
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                      • String ID: N$open$.B
                                                                                                      • API String ID: 3615053054-720656042

                                                                                                      Control-flow Graph 462 (first block 402c55-402ca3; graph image and edge list omitted)
                                                                                                      APIs
                                                                                                      • GetTickCount.KERNEL32 ref: 00402C66
                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\PmsbthDWFX.exe,00000400), ref: 00402C82
                                                                                                        • Part of subcall function 0040586F: GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\PmsbthDWFX.exe,80000000,00000003), ref: 00405873
                                                                                                        • Part of subcall function 0040586F: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PmsbthDWFX.exe,C:\Users\user\Desktop\PmsbthDWFX.exe,80000000,00000003), ref: 00402CCE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Similarity
                                                                                                      • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                      • String ID: "$"C:\Users\user\Desktop\PmsbthDWFX.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\PmsbthDWFX.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft$pA

                                                                                                      Control-flow Graph 529 (first block 405bba-405bc5; graph image and edge list omitted)
                                                                                                      APIs
                                                                                                      • GetVersion.KERNEL32(00000000,Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00000000,00404EBC,Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00000000), ref: 00405C62
                                                                                                      • GetSystemDirectoryA.KERNEL32(Execute: ,00000400), ref: 00405CDD
                                                                                                      • GetWindowsDirectoryA.KERNEL32(Execute: ,00000400), ref: 00405CF0
                                                                                                      • SHGetSpecialFolderLocation.SHELL32(?,0040F0E0), ref: 00405D2C
                                                                                                      • SHGetPathFromIDListA.SHELL32(0040F0E0,Execute: ), ref: 00405D3A
                                                                                                      • CoTaskMemFree.OLE32(0040F0E0), ref: 00405D45
                                                                                                      • lstrcatA.KERNEL32(Execute: ,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D67
                                                                                                      • lstrlenA.KERNEL32(Execute: ,00000000,Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00000000,00404EBC,Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00000000), ref: 00405DB9
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Similarity
                                                                                                      • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                      • String ID: Execute: $Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch

                                                                                                      Control-flow Graph 659 (first block 401751-401774; graph image and edge list omitted)
                                                                                                      APIs
                                                                                                      • lstrcatA.KERNEL32(00000000,00000000,"C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,C:\Users\user\AppData\Local\FluxSoftware\Flux\runtime,00000000,00000000,00000031), ref: 00401790
                                                                                                      • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,"C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00000000,00000000,"C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,C:\Users\user\AppData\Local\FluxSoftware\Flux\runtime,00000000,00000000,00000031), ref: 004017BA
                                                                                                        • Part of subcall function 00405B98: lstrcpynA.KERNEL32(?,?,00000400,004031A9,f.lux Setup,NSIS Error), ref: 00405BA5
                                                                                                        • Part of subcall function 00404E84: lstrlenA.KERNEL32(Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                                                                        • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                                                                        • Part of subcall function 00404E84: lstrcatA.KERNEL32(Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00402FBE,00402FBE,Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00000000,0040F0E0,00000000), ref: 00404EE0
                                                                                                        • Part of subcall function 00404E84: SetWindowTextA.USER32(Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma), ref: 00404EF2
                                                                                                        • Part of subcall function 00404E84: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F18
                                                                                                        • Part of subcall function 00404E84: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F32
                                                                                                        • Part of subcall function 00404E84: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F40
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                      • String ID: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma$603$C:\Users\user\AppData\Local\FluxSoftware\Flux\runtime$C:\Users\user\AppData\Local\FluxSoftware\Flux\runtime

                                                                                                      Control-flow Graph 726 (first block 402e8e-402ea2; graph image and edge list omitted)
                                                                                                      APIs
                                                                                                      • GetTickCount.KERNEL32 ref: 00402EEC
                                                                                                      • GetTickCount.KERNEL32 ref: 00402F6D
                                                                                                      • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402F9A
                                                                                                      • wsprintfA.USER32 ref: 00402FAA
                                                                                                      • WriteFile.KERNELBASE(00000000,00000000,0040F0E0,00000000,00000000), ref: 00402FD6
                                                                                                      Strings
                                                                                                      • ... %d%%, xrefs: 00402FA4
                                                                                                      • #define buttonfontProperty fontname CalibriProperty fontsize 28Property typecolor DD000000 DD000000 DD000000#define smallfontProperty fontname CalibriProperty fontsize 22#define subfontProperty fontname CalibriProperty fontsize 36Proper, xrefs: 00402EB5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Similarity
                                                                                                      • API ID: CountTick$FileWritewsprintf
                                                                                                      • String ID: #define buttonfontProperty fontname CalibriProperty fontsize 28Property typecolor DD000000 DD000000 DD000000#define smallfontProperty fontname CalibriProperty fontsize 22#define subfontProperty fontname CalibriProperty fontsize 36Proper$... %d%%

                                                                                                      Control-flow Graph 788 (first block 404e84-404e99; graph image and edge list omitted)
                                                                                                      APIs
                                                                                                      • lstrlenA.KERNEL32(Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                                                                      • lstrlenA.KERNEL32(00402FBE,Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                                                                      • lstrcatA.KERNEL32(Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00402FBE,00402FBE,Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00000000,0040F0E0,00000000), ref: 00404EE0
                                                                                                      • SetWindowTextA.USER32(Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma), ref: 00404EF2
                                                                                                      • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F18
                                                                                                      • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F32
                                                                                                      • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F40
Memory Dump Source
• Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                      • String ID: Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma
                                                                                                      • API String ID: 2531174081-731945449

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 802 405346-405391 CreateDirectoryA 803 405393-405395 802->803 804 405397-4053a4 GetLastError 802->804 805 4053be-4053c0 803->805 804->805 806 4053a6-4053ba SetFileSecurityA 804->806 806->803 807 4053bc GetLastError 806->807 807->805
                                                                                                      APIs
                                                                                                      • CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 00405389
                                                                                                      • GetLastError.KERNEL32 ref: 0040539D
                                                                                                      • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053B2
                                                                                                      • GetLastError.KERNEL32 ref: 004053BC
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                      • String ID: C:\Users\user\Desktop$Ls@$\s@
                                                                                                      • API String ID: 3449924974-776639217

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 808 405eba-405eda GetSystemDirectoryA 809 405edc 808->809 810 405ede-405ee0 808->810 809->810 811 405ef0-405ef2 810->811 812 405ee2-405eea 810->812 814 405ef3-405f25 wsprintfA LoadLibraryExA 811->814 812->811 813 405eec-405eee 812->813 813->814
                                                                                                      APIs
                                                                                                      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405ED1
                                                                                                      • wsprintfA.USER32 ref: 00405F0A
                                                                                                      • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F1E
                                                                                                      Similarity
                                                                                                      • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                      • String ID: %s%s.dll$UXTHEME$\
                                                                                                      • API String ID: 2200240437-4240819195

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 815 40589e-4058a8 816 4058a9-4058d3 GetTickCount GetTempFileNameA 815->816 817 4058e2-4058e4 816->817 818 4058d5-4058d7 816->818 820 4058dc-4058df 817->820 818->816 819 4058d9 818->819 819->820
                                                                                                      APIs
                                                                                                      • GetTickCount.KERNEL32 ref: 004058B1
                                                                                                      • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 004058CB
                                                                                                      Similarity
                                                                                                      • API ID: CountFileNameTempTick
                                                                                                      • String ID: "C:\Users\user\Desktop\PmsbthDWFX.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                      • API String ID: 1716503409-928951337
                                                                                                      APIs
                                                                                                      • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                                                                      • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C42
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$Timeout
                                                                                                      • String ID: !
                                                                                                      • API String ID: 1777923405-2657877971
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401FAF
                                                                                                        • Part of subcall function 00404E84: lstrlenA.KERNEL32(Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                                                                        • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                                                                        • Part of subcall function 00404E84: lstrcatA.KERNEL32(Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00402FBE,00402FBE,Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00000000,0040F0E0,00000000), ref: 00404EE0
                                                                                                        • Part of subcall function 00404E84: SetWindowTextA.USER32(Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma), ref: 00404EF2
                                                                                                        • Part of subcall function 00404E84: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F18
                                                                                                        • Part of subcall function 00404E84: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F32
                                                                                                        • Part of subcall function 00404E84: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F40
                                                                                                      • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FBF
                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00401FCF
                                                                                                      • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040203A
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                      • String ID:
                                                                                                      • API String ID: 2987980305-0
                                                                                                      APIs
                                                                                                        • Part of subcall function 0040571F: CharNextA.USER32(004054D1,?,00421940,00000000,00405783,00421940,00421940,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040572D
                                                                                                        • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405732
                                                                                                        • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405741
                                                                                                      • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                                                                                        • Part of subcall function 00405346: CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 00405389
                                                                                                      • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\FluxSoftware\Flux\runtime,00000000,00000000,000000F0), ref: 00401634
                                                                                                      Strings
                                                                                                      • C:\Users\user\AppData\Local\FluxSoftware\Flux\runtime, xrefs: 00401629
                                                                                                      Similarity
                                                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                      • String ID: C:\Users\user\AppData\Local\FluxSoftware\Flux\runtime
                                                                                                      • API String ID: 1892508949-571259931
                                                                                                      APIs
                                                                                                      • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422540,Error launching installer), ref: 0040541D
                                                                                                      • CloseHandle.KERNEL32(?), ref: 0040542A
                                                                                                      Strings
                                                                                                      • Error launching installer, xrefs: 0040540B
                                                                                                      Similarity
                                                                                                      • API ID: CloseCreateHandleProcess
                                                                                                      • String ID: Error launching installer
                                                                                                      • API String ID: 3712363035-66219284
                                                                                                      APIs
                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00401B92
                                                                                                      • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401BA4
                                                                                                      Similarity
                                                                                                      • API ID: Global$AllocFree
                                                                                                      • String ID: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma
                                                                                                      • API String ID: 3394109436-1689675259
                                                                                                      APIs
                                                                                                        • Part of subcall function 00404E84: lstrlenA.KERNEL32(Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                                                                        • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                                                                        • Part of subcall function 00404E84: lstrcatA.KERNEL32(Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00402FBE,00402FBE,Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,00000000,0040F0E0,00000000), ref: 00404EE0
                                                                                                        • Part of subcall function 00404E84: SetWindowTextA.USER32(Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma,Execute: "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /unlockwingamma), ref: 00404EF2
                                                                                                        • Part of subcall function 00404E84: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F18
                                                                                                        • Part of subcall function 00404E84: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F32
                                                                                                        • Part of subcall function 00404E84: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F40
                                                                                                        • Part of subcall function 004053F8: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422540,Error launching installer), ref: 0040541D
                                                                                                        • Part of subcall function 004053F8: CloseHandle.KERNEL32(?), ref: 0040542A
                                                                                                      • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E72
                                                                                                      • GetExitCodeProcess.KERNEL32(?,?), ref: 00401E82
                                                                                                      • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EA7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                                                                                                      • String ID:
                                                                                                      • API String ID: 3521207402-0
                                                                                                      APIs
                                                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                      • SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend
                                                                                                      • String ID:
                                                                                                      • API String ID: 3850602802-0
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                                                                        • Part of subcall function 00405EBA: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405ED1
                                                                                                        • Part of subcall function 00405EBA: wsprintfA.USER32 ref: 00405F0A
                                                                                                        • Part of subcall function 00405EBA: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F1E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                      • String ID:
                                                                                                      • API String ID: 2547128583-0
                                                                                                      APIs
                                                                                                      • GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\PmsbthDWFX.exe,80000000,00000003), ref: 00405873
                                                                                                      • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$AttributesCreate
                                                                                                      • String ID:
                                                                                                      • API String ID: 415043291-0
                                                                                                      APIs
                                                                                                      • GetFileAttributesA.KERNELBASE(?,0040565B,?,?,?), ref: 00405854
                                                                                                      • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405866
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AttributesFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 3188754299-0
                                                                                                      APIs
                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000,004030EE,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 004053C9
                                                                                                      • GetLastError.KERNEL32 ref: 004053D7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateDirectoryErrorLast
                                                                                                      • String ID:
                                                                                                      • API String ID: 1375471231-0
                                                                                                      APIs
                                                                                                      • lstrcpynA.KERNEL32(?,10003024,?,10003020,1000138F,10003020,00000400), ref: 10001454
                                                                                                      • GlobalFree.KERNELBASE(10003020), ref: 10001464
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2235680240.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2235664032.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                                                                      • Associated: 00000000.00000002.2235694021.0000000010002000.00000002.00000001.01000000.00000006.sdmp
                                                                                                      • Associated: 00000000.00000002.2235733978.0000000010004000.00000002.00000001.01000000.00000006.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_10000000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FreeGloballstrcpyn
                                                                                                      • String ID:
                                                                                                      • API String ID: 1459762280-0
                                                                                                      APIs
                                                                                                      • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EDA,000000FF,00000004,00000000,00000000,00000000), ref: 00403098
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileRead
                                                                                                      • String ID:
                                                                                                      • API String ID: 2738559852-0
                                                                                                      APIs
                                                                                                      • SetDlgItemTextA.USER32(?,?,00000000), ref: 00403E6E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ItemText
                                                                                                      • String ID:
                                                                                                      • API String ID: 3367045223-0
                                                                                                      • Opcode ID: bd088f7f00d811be993cb0fa1566991d2d73bb63516f205f68802a77c6a304db
                                                                                                      • Instruction ID: 4e03893cb2c9e51268dc8d69246195e7dedd5b436266d841f2699fbe9cdeab05
                                                                                                      • Opcode Fuzzy Hash: bd088f7f00d811be993cb0fa1566991d2d73bb63516f205f68802a77c6a304db
                                                                                                      • Instruction Fuzzy Hash: 23C08C71008200BFE741A744CC02F0FB7A9EFA0316F00C42EB59CA00E1C674D6208E26
                                                                                                      APIs
                                                                                                      • SendMessageA.USER32(0002048A,00000000,00000000,00000000), ref: 00403EB2
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend
                                                                                                      • String ID:
                                                                                                      • API String ID: 3850602802-0
                                                                                                      • Opcode ID: d7c8953842b007cfc8ca07b0ac61ae48c54f269f9115931377447a37a3fcfb9d
                                                                                                      • Instruction ID: 4b8acd102514428a3603f28b278f158aea94516f59be1ccfca7888e5ca2a070f
                                                                                                      • Opcode Fuzzy Hash: d7c8953842b007cfc8ca07b0ac61ae48c54f269f9115931377447a37a3fcfb9d
                                                                                                      • Instruction Fuzzy Hash: A4C09BB2B443017BDE21CF64DD45F077BACA754702F148435B640F61D0C674E510DA5D
                                                                                                      APIs
                                                                                                      • SendMessageA.USER32(00000028,?,00000001,00403CBA), ref: 00403E97
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend
                                                                                                      • String ID:
                                                                                                      • API String ID: 3850602802-0
                                                                                                      • Opcode ID: cd800827a2a58a8696ccc8925a397d53d259c8bbdf20f2cfe0faa6218754ea07
                                                                                                      • Instruction ID: 5f91c50f18177a9ea93ac139c2eb8e8fc02b3059b603aec29cf7e277bde60781
                                                                                                      • Opcode Fuzzy Hash: cd800827a2a58a8696ccc8925a397d53d259c8bbdf20f2cfe0faa6218754ea07
                                                                                                      • Instruction Fuzzy Hash: 55B01235A84202BBDE218F00EE09F457E72F768B02F018030F300280F0CAB300A1EF09
                                                                                                      APIs
                                                                                                      • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E1C,0000D1E4), ref: 004030C1
                                                                                                      Similarity
                                                                                                      • API ID: FilePointer
                                                                                                      • String ID:
                                                                                                      • API String ID: 973152223-0
                                                                                                      • Opcode ID: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                                                                                      • Instruction ID: aafe5e0ddee8b519ffd98e4e857b28c3b9165386d483fecacc2863ad1570d206
                                                                                                      • Opcode Fuzzy Hash: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                                                                                      • Instruction Fuzzy Hash: D6B01231544200BFDB214F00DF06F057B21B79C701F208030B340380F082712430EB1E
                                                                                                      APIs
                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00403C53), ref: 00403E80
                                                                                                      Similarity
                                                                                                      • API ID: CallbackDispatcherUser
                                                                                                      • String ID:
                                                                                                      • API String ID: 2492992576-0
                                                                                                      • Opcode ID: d33db0a47f3fca7588c5496a5f10e207f5293c3625954d1c95bf5977bf8fd5af
                                                                                                      • Instruction ID: ca855c97b32de281139fd37a74ef6075866d5fc6662843788ed9aaf7f391f324
                                                                                                      • Opcode Fuzzy Hash: d33db0a47f3fca7588c5496a5f10e207f5293c3625954d1c95bf5977bf8fd5af
                                                                                                      • Instruction Fuzzy Hash: D6A00275914100ABCB159B50EE14D05BB61BF54701B415435A1459417596315561EF19
                                                                                                      APIs
                                                                                                      • GetDlgItem.USER32(?,000003F9), ref: 004047EA
                                                                                                      • GetDlgItem.USER32(?,00000408), ref: 004047F7
                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000003), ref: 00404843
                                                                                                      • LoadBitmapA.USER32(0000006E), ref: 00404856
                                                                                                      • SetWindowLongA.USER32(?,000000FC,00404DD4), ref: 00404870
                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404884
                                                                                                      • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404898
                                                                                                      • SendMessageA.USER32(?,00001109,00000002), ref: 004048AD
                                                                                                      • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004048B9
                                                                                                      • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004048CB
                                                                                                      • DeleteObject.GDI32(?), ref: 004048D0
                                                                                                      • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 004048FB
                                                                                                      • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404907
                                                                                                      • SendMessageA.USER32(?,00001100,00000000,?), ref: 0040499C
                                                                                                      • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 004049C7
                                                                                                      • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049DB
                                                                                                      • GetWindowLongA.USER32(?,000000F0), ref: 00404A0A
                                                                                                      • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404A18
                                                                                                      • ShowWindow.USER32(?,00000005), ref: 00404A29
                                                                                                      • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404B2C
                                                                                                      • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404B91
                                                                                                      • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404BA6
                                                                                                      • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404BCA
                                                                                                      • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404BF0
                                                                                                      • ImageList_Destroy.COMCTL32(?), ref: 00404C05
                                                                                                      • GlobalFree.KERNEL32(?), ref: 00404C15
                                                                                                      • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404C85
                                                                                                      • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404D2E
                                                                                                      • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404D3D
                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 00404D5D
                                                                                                      • ShowWindow.USER32(?,00000000), ref: 00404DAB
                                                                                                      • GetDlgItem.USER32(?,000003FE), ref: 00404DB6
                                                                                                      • ShowWindow.USER32(00000000), ref: 00404DBD
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                      • String ID: $M$N
                                                                                                      • API String ID: 1638840714-813528018
                                                                                                      • Opcode ID: 07b2c7f30ca18f3d8b379a04c032e635c9b57a3d7559d31fe7a283bda0d46e85
                                                                                                      • Instruction ID: 9a6d62add78faf2b4aa272e1cf177665df16ecedb9a61d3aa4425c18576eb247
                                                                                                      • Opcode Fuzzy Hash: 07b2c7f30ca18f3d8b379a04c032e635c9b57a3d7559d31fe7a283bda0d46e85
                                                                                                      • Instruction Fuzzy Hash: 8B029DB0E00209AFDB24DF55DD45AAE7BB5EB84315F10817AF610BA2E1C7789A81CF58
                                                                                                      APIs
                                                                                                      • GetDlgItem.USER32(?,000003FB), ref: 004042E1
                                                                                                      • SetWindowTextA.USER32(00000000,?), ref: 0040430B
                                                                                                      • SHBrowseForFolderA.SHELL32(?,0041F908,?), ref: 004043BC
                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 004043C7
                                                                                                      • lstrcmpiA.KERNEL32(Execute: ,00420538), ref: 004043F9
                                                                                                      • lstrcatA.KERNEL32(?,Execute: ), ref: 00404405
                                                                                                      • SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404417
                                                                                                        • Part of subcall function 0040543D: GetDlgItemTextA.USER32(?,?,00000400,0040444E), ref: 00405450
                                                                                                        • Part of subcall function 00405DFA: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\PmsbthDWFX.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E52
                                                                                                        • Part of subcall function 00405DFA: CharNextA.USER32(?,?,?,00000000), ref: 00405E5F
                                                                                                        • Part of subcall function 00405DFA: CharNextA.USER32(?,"C:\Users\user\Desktop\PmsbthDWFX.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E64
                                                                                                        • Part of subcall function 00405DFA: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E74
                                                                                                      • GetDiskFreeSpaceA.KERNEL32(0041F500,?,?,0000040F,?,0041F500,0041F500,?,00000001,0041F500,?,?,000003FB,?), ref: 004044D5
                                                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004044F0
                                                                                                        • Part of subcall function 00404649: lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                                                                                                        • Part of subcall function 00404649: wsprintfA.USER32 ref: 004046EF
                                                                                                        • Part of subcall function 00404649: SetDlgItemTextA.USER32(?,00420538), ref: 00404702
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                      • String ID: A$C:\Users\user\AppData\Local\FluxSoftware\Flux$Execute:
                                                                                                      • API String ID: 2624150263-1907152366
                                                                                                      • Opcode ID: 28c5b4b8dfbc40c9ed3325840b4362d2a49f3efea0e5cc9a9a6da045f6b7ca24
                                                                                                      • Instruction ID: cfccd4b73e861dd9bc9b7885d3f414f2f86db1ffcc16c92a650f1104495a78a5
                                                                                                      • Opcode Fuzzy Hash: 28c5b4b8dfbc40c9ed3325840b4362d2a49f3efea0e5cc9a9a6da045f6b7ca24
                                                                                                      • Instruction Fuzzy Hash: EAA17EB1D00218BBDB11AFA5CD41AAFB6B8EF84315F10813BF605B62D1D77C9A418F69
                                                                                                      APIs
                                                                                                      • CoCreateInstance.OLE32(004073F8,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020A6
                                                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409408,00000400,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402160
                                                                                                      Strings
                                                                                                      • C:\Users\user\AppData\Local\FluxSoftware\Flux\runtime, xrefs: 004020DE
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharCreateInstanceMultiWide
                                                                                                      • String ID: C:\Users\user\AppData\Local\FluxSoftware\Flux\runtime
                                                                                                      • API String ID: 123533781-571259931
                                                                                                      APIs
                                                                                                      • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402680
                                                                                                      Similarity
                                                                                                      • API ID: FileFindFirst
                                                                                                      • String ID:
                                                                                                      • API String ID: 1974802433-0
                                                                                                      APIs
                                                                                                      • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                      • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                      • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                      • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                      • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                      • DrawTextA.USER32(00000000,f.lux Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                      Similarity
                                                                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                      • String ID: F$f.lux Setup
                                                                                                      • API String ID: 941294808-1156349820
                                                                                                      APIs
                                                                                                        • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                                                                        • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,0040567B,?,00000000,000000F1,?), ref: 00405933
                                                                                                      • GetShortPathNameA.KERNEL32(?,004226C8,00000400), ref: 0040593C
                                                                                                      • GetShortPathNameA.KERNEL32(00000000,00422140,00000400), ref: 00405959
                                                                                                      • wsprintfA.USER32 ref: 00405977
                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00422140,C0000000,00000004,00422140,?,?,?,00000000,000000F1,?), ref: 004059B2
                                                                                                      • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059C1
                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059D7
                                                                                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421D40,00000000,-0000000A,004093E4,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A1D
                                                                                                      • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405A2F
                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00405A36
                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A3D
                                                                                                        • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                                                                                                        • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                                                                                                      Similarity
                                                                                                      • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                                                                                      • String ID: %s=%s$@!B$[Rename]
                                                                                                      • API String ID: 3445103937-2946522640
                                                                                                      APIs
                                                                                                      • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\PmsbthDWFX.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E52
                                                                                                      • CharNextA.USER32(?,?,?,00000000), ref: 00405E5F
                                                                                                      • CharNextA.USER32(?,"C:\Users\user\Desktop\PmsbthDWFX.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E64
                                                                                                      • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E74
                                                                                                      Similarity
                                                                                                      • API ID: Char$Next$Prev
                                                                                                      • String ID: "C:\Users\user\Desktop\PmsbthDWFX.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                      • API String ID: 589700163-2013160479
                                                                                                      APIs
                                                                                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B89
                                                                                                      • MulDiv.KERNEL32(000A220D,00000064,000A7A90), ref: 00402BB4
                                                                                                      • wsprintfA.USER32 ref: 00402BC4
                                                                                                      • SetWindowTextA.USER32(?,?), ref: 00402BD4
                                                                                                      • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BE6
                                                                                                      Similarity
                                                                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                                                                      • String ID: "$verifying installer: %d%%
                                                                                                      • API String ID: 1451636040-4089774380
                                                                                                      APIs
                                                                                                      • GetWindowLongA.USER32(?,000000EB), ref: 00403ED8
                                                                                                      • GetSysColor.USER32(00000000), ref: 00403EF4
                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 00403F00
                                                                                                      • SetBkMode.GDI32(?,?), ref: 00403F0C
                                                                                                      • GetSysColor.USER32(?), ref: 00403F1F
                                                                                                      • SetBkColor.GDI32(?,?), ref: 00403F2F
                                                                                                      • DeleteObject.GDI32(?), ref: 00403F49
                                                                                                      • CreateBrushIndirect.GDI32(?), ref: 00403F53
                                                                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                      • String ID:
                                                                                                      • API String ID: 2320649405-0
                                                                                                      APIs
                                                                                                      • GlobalAlloc.KERNEL32(00000040,0000D200,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402703
                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040271F
                                                                                                      • GlobalFree.KERNEL32(?), ref: 00402758
                                                                                                      • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040276A
                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00402771
                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402789
                                                                                                      • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                      • String ID:
                                                                                                      • API String ID: 3294113728-0
                                                                                                      APIs
                                                                                                      • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040476E
                                                                                                      • GetMessagePos.USER32 ref: 00404776
                                                                                                      • ScreenToClient.USER32(?,?), ref: 00404790
                                                                                                      • SendMessageA.USER32(?,00001111,00000000,?), ref: 004047A2
                                                                                                      • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004047C8
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Message$Send$ClientScreen
                                                                                                      • String ID: f
                                                                                                      • API String ID: 41195575-1993550816
                                                                                                      APIs
                                                                                                      • OpenProcess.KERNEL32(00100401,00000000,?,0000025E,?,00000000,?), ref: 10001054
                                                                                                      • EnumWindows.USER32(10001007,?), ref: 10001074
                                                                                                      • GetExitCodeProcess.KERNEL32(00000000,?), ref: 10001084
                                                                                                      • WaitForSingleObject.KERNEL32(00000000,00000BB8), ref: 1000109D
                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000), ref: 100010AE
                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 100010C5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2235680240.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2235664032.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                                                                      • Associated: 00000000.00000002.2235694021.0000000010002000.00000002.00000001.01000000.00000006.sdmp
                                                                                                      • Associated: 00000000.00000002.2235733978.0000000010004000.00000002.00000001.01000000.00000006.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_10000000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Process$CloseCodeEnumExitHandleObjectOpenSingleTerminateWaitWindows
                                                                                                      • String ID:
                                                                                                      • API String ID: 3465249596-0
                                                                                                      APIs
                                                                                                      • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402374
                                                                                                      • lstrlenA.KERNEL32(603,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402394
                                                                                                      • RegSetValueExA.ADVAPI32(?,?,?,?,603,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023CD
                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,603,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024B0
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseCreateValuelstrlen
                                                                                                      • String ID: 603
                                                                                                      • API String ID: 1356686001-3207665621
                                                                                                      APIs
                                                                                                      • GetDC.USER32(?), ref: 00401D3F
                                                                                                      • GetDeviceCaps.GDI32(00000000), ref: 00401D46
                                                                                                      • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D55
                                                                                                      • CreateFontIndirectA.GDI32(0040B014), ref: 00401DA7
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CapsCreateDeviceFontIndirect
                                                                                                      • String ID: MS Shell Dlg
                                                                                                      • API String ID: 3272661963-76309092
                                                                                                      APIs
                                                                                                      • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A8A
                                                                                                      • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AC6
                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402ACF
                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402AF4
                                                                                                      • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B12
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Close$DeleteEnumOpen
                                                                                                      • String ID:
                                                                                                      • API String ID: 1912718029-0
                                                                                                      APIs
                                                                                                      • GetDlgItem.USER32(?), ref: 00401CE2
                                                                                                      • GetClientRect.USER32(00000000,?), ref: 00401CEF
                                                                                                      • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D10
                                                                                                      • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
                                                                                                      • DeleteObject.GDI32(00000000), ref: 00401D2D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                      • String ID:
                                                                                                      • API String ID: 1849352358-0
                                                                                                      APIs
                                                                                                      • lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                                                                                                      • wsprintfA.USER32 ref: 004046EF
                                                                                                      • SetDlgItemTextA.USER32(?,00420538), ref: 00404702
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                                                      • String ID: %u.%u%s%s
                                                                                                      • API String ID: 3540041739-3551169577
                                                                                                      APIs
                                                                                                      • SetWindowTextA.USER32(00000000,f.lux Setup), ref: 0040394C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: TextWindow
                                                                                                      • String ID: "C:\Users\user\Desktop\PmsbthDWFX.exe"$1033$f.lux Setup
                                                                                                      • API String ID: 530164218-3866432213
                                                                                                      APIs
                                                                                                      • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030E8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405691
                                                                                                      • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030E8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 0040569A
                                                                                                      • lstrcatA.KERNEL32(?,00409010), ref: 004056AB
                                                                                                      Strings
                                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 0040568B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CharPrevlstrcatlstrlen
                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                      • API String ID: 2659869361-823278215
                                                                                                      APIs
                                                                                                      • DestroyWindow.USER32(00000000,00000000,00402DD1,00000001), ref: 00402C04
                                                                                                      • GetTickCount.KERNEL32 ref: 00402C22
                                                                                                      • CreateDialogParamA.USER32(0000006F,00000000,00402B6E,00000000), ref: 00402C3F
                                                                                                      • ShowWindow.USER32(00000000,00000005), ref: 00402C4D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                      • String ID:
                                                                                                      • API String ID: 2102729457-0
                                                                                                      APIs
                                                                                                      • IsWindowVisible.USER32(?), ref: 00404E0A
                                                                                                      • CallWindowProcA.USER32(?,00000200,?,?), ref: 00404E78
                                                                                                        • Part of subcall function 00403EA0: SendMessageA.USER32(0002048A,00000000,00000000,00000000), ref: 00403EB2
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                                                      • String ID:
                                                                                                      • API String ID: 3748168415-3916222277
                                                                                                      APIs
                                                                                                      • lstrlenA.KERNEL32(00000000,00000011), ref: 0040250F
                                                                                                      • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\FluxSoftware\Flux\runtime,00000000,?,?,00000000,00000011), ref: 0040252E
                                                                                                      Strings
                                                                                                      • C:\Users\user\AppData\Local\FluxSoftware\Flux\runtime, xrefs: 004024FD, 00402522
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileWritelstrlen
                                                                                                      • String ID: C:\Users\user\AppData\Local\FluxSoftware\Flux\runtime
                                                                                                      • API String ID: 427699356-571259931
                                                                                                      APIs
                                                                                                      • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,?,0040352E,00403337,00000020), ref: 00403570
                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00403577
                                                                                                      Strings
                                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00403568
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Free$GlobalLibrary
                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                      • API String ID: 1100898210-823278215
                                                                                                      APIs
                                                                                                      • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PmsbthDWFX.exe,C:\Users\user\Desktop\PmsbthDWFX.exe,80000000,00000003), ref: 004056D8
                                                                                                      • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PmsbthDWFX.exe,C:\Users\user\Desktop\PmsbthDWFX.exe,80000000,00000003), ref: 004056E6
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CharPrevlstrlen
                                                                                                      • String ID: C:\Users\user\Desktop
                                                                                                      • API String ID: 2709904686-1246513382
                                                                                                      APIs
                                                                                                      • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                                                                                                      • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405804
                                                                                                      • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405812
                                                                                                      • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2234520130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2234495628.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234540364.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234555164.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2234658538.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_PmsbthDWFX.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                                                      • String ID:
                                                                                                      • API String ID: 190613189-0

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:0.6%
                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                      Signature Coverage:8.5%
                                                                                                      Total number of Nodes:610
                                                                                                      Total number of Limit Nodes:57

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • GetModuleFileNameA.KERNEL32(?,C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe,00000104,5998B951), ref: 00F7DF71
                                                                                                        • Part of subcall function 00F7D860: InterlockedIncrement.KERNEL32(?), ref: 00F7D9C2
                                                                                                        • Part of subcall function 00F7D860: InterlockedDecrement.KERNEL32(?), ref: 00F7D9D1
                                                                                                      • CreateMutexA.KERNEL32(00000000,00000001,F.lux), ref: 00F7E17E
                                                                                                      • GetLastError.KERNEL32 ref: 00F7E189
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$CreateDecrementErrorFileIncrementLastModuleMutexName
                                                                                                      • String ID: /adminlockwingamma$/crash$/lockwingamma$/silentlock$/silentunlock$/unlockwingamma$/writeinstallversion$Back to normal?$C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe$F.lux$Return to Windows default color settings?$f.lux cannot find some files it needs and should be reinstalled$flux/#fluxicon$https://justgetflux.com/$noshow
                                                                                                      • API String ID: 1233863459-2395175459

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • GetCurrentProcess.KERNEL32(00000028,?,?,80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\,000F003F,?,?), ref: 00F877CA
                                                                                                      • OpenProcessToken.ADVAPI32(00000000,?,?), ref: 00F877D1
                                                                                                      • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00F877EE
                                                                                                      • AdjustTokenPrivileges.KERNELBASE ref: 00F87816
                                                                                                      • ExitWindowsEx.USER32(00000012,80020003), ref: 00F87823
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProcessToken$AdjustCurrentExitLookupOpenPrivilegePrivilegesValueWindows
                                                                                                      • String ID: SeShutdownPrivilege
                                                                                                      • API String ID: 1314775590-3733053543

                                                                                                      Control-flow Graph

                                                                                                      [Control-flow graph of the function at 00FCF160 (nodes include IsIconic, ShowWindow and DialogBoxParamA); graph image not preserved]
                                                                                                      APIs
                                                                                                      • IsIconic.USER32(?), ref: 00FCF170
                                                                                                      • ShowWindow.USER32(?,00000009,?,?,00F7A053,?), ref: 00FCF180
                                                                                                      • DialogBoxParamA.USER32(?,?,?,00FCF1E0,?), ref: 00FCF1AA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DialogIconicParamShowWindow
                                                                                                      • String ID:
                                                                                                      • API String ID: 1678019983-0

                                                                                                      Control-flow Graph

                                                                                                      [Control-flow graph of the function at 00F7D050 (nodes include two RegSetValueExA calls and calls to the subfunctions at 00FCF160 and 00F877C0); graph image not preserved]
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FA8E20: __wsplitpath.LIBCMT ref: 00FA8E84
                                                                                                        • Part of subcall function 00FA8E20: __makepath_s.LIBCMT ref: 00FA8EC1
                                                                                                        • Part of subcall function 00FA8E20: InterlockedDecrement.KERNEL32(?), ref: 00FA8F19
                                                                                                        • Part of subcall function 00FA8E20: InterlockedIncrement.KERNEL32(?), ref: 00FA8F2C
                                                                                                        • Part of subcall function 00FB5560: InterlockedDecrement.KERNEL32(00000000), ref: 00FB55BC
                                                                                                        • Part of subcall function 00FB5560: InterlockedIncrement.KERNEL32(00000000), ref: 00FB55CF
                                                                                                        • Part of subcall function 00FB5560: RegCreateKeyExA.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,?,00000000,00000000,00F6251A), ref: 00FB55F6
                                                                                                      • RegSetValueExA.KERNEL32(?,00000000,00000000,00000004,?,00000004,?,80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\,000F013F), ref: 00F7D144
                                                                                                      • RegSetValueExA.KERNEL32(80000002,00000000,00000000,00000004,?,00000004), ref: 00F7D165
                                                                                                        • Part of subcall function 00FCF160: IsIconic.USER32(?), ref: 00FCF170
                                                                                                        • Part of subcall function 00FCF160: ShowWindow.USER32(?,00000009,?,?,00F7A053,?), ref: 00FCF180
                                                                                                        • Part of subcall function 00FCF160: DialogBoxParamA.USER32(?,?,?,00FCF1E0,?), ref: 00FCF1AA
                                                                                                        • Part of subcall function 00F877C0: GetCurrentProcess.KERNEL32(00000028,?,?,80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\,000F003F,?,?), ref: 00F877CA
                                                                                                        • Part of subcall function 00F877C0: OpenProcessToken.ADVAPI32(00000000,?,?), ref: 00F877D1
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrementProcessValue$CreateCurrentDialogIconicOpenParamShowTokenWindow__makepath_s__wsplitpath
                                                                                                      • String ID: /unlockwingamma$GdiICMGammaRange$SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\$p
                                                                                                      • API String ID: 3092999981-434959712
                                                                                                      • Opcode ID: 38839b3d326b438f78ad4b149ed60ae5be854b75ca342e1fcfa74853ec861706
                                                                                                      • Instruction ID: 1d1ed477474287806c8aa0c8de69572b3bb81e0e15a9128e5a48e01cc0963059
                                                                                                      • Opcode Fuzzy Hash: 38839b3d326b438f78ad4b149ed60ae5be854b75ca342e1fcfa74853ec861706
                                                                                                      • Instruction Fuzzy Hash: E541E4B26083009AD310EF65CC8169EFBE4EFC5764F80492EF6C897241D6B5D909DB93

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                        • Part of subcall function 00FB5560: InterlockedDecrement.KERNEL32(00000000), ref: 00FB55BC
                                                                                                        • Part of subcall function 00FB5560: InterlockedIncrement.KERNEL32(00000000), ref: 00FB55CF
                                                                                                        • Part of subcall function 00FB5560: RegCreateKeyExA.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,?,00000000,00000000,00F6251A), ref: 00FB55F6
                                                                                                      • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000004,00000004,00000004,000F013F,?,80000002,SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0001,000F013F,?,80000002), ref: 00F8804E
                                                                                                        • Part of subcall function 00FB56E0: RegQueryValueExA.KERNEL32 ref: 00FB5712
                                                                                                      Strings
                                                                                                      • SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0001, xrefs: 00F87FE4
                                                                                                      • FeatureTestControl, xrefs: 00F87FBD, 00F87FF3
                                                                                                      • SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000, xrefs: 00F87FAA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InterlockedValue$CreateDecrementIncrementQuery
                                                                                                      • String ID: FeatureTestControl$SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000$SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0001
                                                                                                      • API String ID: 1894761435-406071708
                                                                                                      • Opcode ID: cb426ad14d352080f472dcd09c5540738062e4af94cd69ec2fbacc9fa97de975
                                                                                                      • Instruction ID: cfacafdc17cd5b83d7a1812ef2fa3130dec078fb360a2bc7e5febf4a03502946
                                                                                                      • Opcode Fuzzy Hash: cb426ad14d352080f472dcd09c5540738062e4af94cd69ec2fbacc9fa97de975
                                                                                                      • Instruction Fuzzy Hash: 82318B726083019BD310EF25C841AABB7E4EBD4B94F800D1DF699E3110E774EA0E9B52

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(dxva2.dll,00000000,00000008), ref: 01016919
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetNumberOfPhysicalMonitorsFromHMONITOR), ref: 0101693F
                                                                                                      Strings
                                                                                                      • dxva2.dll, xrefs: 01016914
                                                                                                      • GetNumberOfPhysicalMonitorsFromHMONITOR, xrefs: 01016939
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID: GetNumberOfPhysicalMonitorsFromHMONITOR$dxva2.dll
                                                                                                      • API String ID: 2574300362-3496582894
                                                                                                      • Opcode ID: b735e9638396597920eeb421c9948154561976b0026a22428fec41ce458bad64
                                                                                                      • Instruction ID: f154c93c6e2b176ccc371c873bf6f5cb52442404d65194d4a90ae407f14eaf7a
                                                                                                      • Opcode Fuzzy Hash: b735e9638396597920eeb421c9948154561976b0026a22428fec41ce458bad64
                                                                                                      • Instruction Fuzzy Hash: F3E01275A813096FC7762FB5AC0BB053656AB91A42F10C05EBAC19E14DEFFE81005F04

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(Dwmapi.dll,00000000,00000008), ref: 010168C9
                                                                                                      • GetProcAddress.KERNEL32(00000000,DwmIsCompositionEnabled), ref: 010168EF
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID: DwmIsCompositionEnabled$Dwmapi.dll
                                                                                                      • API String ID: 2574300362-137364670
                                                                                                      • Opcode ID: b7359fbeb7fc0b3b85f7ff39886d5d8dbaf6c42125ce61d0ba1acb803baddee2
                                                                                                      • Instruction ID: b754d6d0b8ce23722207d11a107ab6ba24f06b46cdcf4740b124c1c1bef3d975
                                                                                                      • Opcode Fuzzy Hash: b7359fbeb7fc0b3b85f7ff39886d5d8dbaf6c42125ce61d0ba1acb803baddee2
                                                                                                      • Instruction Fuzzy Hash: 1EE08CB1A813165ECA652BB66C0AE0436629B40A02F20805AF3C28A15CDFBE80806F50

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(mscms.dll,00000000,00000008), ref: 01016D59
                                                                                                      • GetProcAddress.KERNEL32(00000000,InternalSetDeviceGammaRamp), ref: 01016D7F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID: InternalSetDeviceGammaRamp$mscms.dll
                                                                                                      • API String ID: 2574300362-2521529607
                                                                                                      • Opcode ID: 8f3238297eadf5fad084eb0785ce960dec7cc0b3b90cc35d597e1926ce59ffb2
                                                                                                      • Instruction ID: f078e09cff74ee6290dd09cb51cb7413d7856e0082416de2aadb037220d35228
                                                                                                      • Opcode Fuzzy Hash: 8f3238297eadf5fad084eb0785ce960dec7cc0b3b90cc35d597e1926ce59ffb2
                                                                                                      • Instruction Fuzzy Hash: 9AE0EC76A913056EC6663B75AC0BB193A65BB80A03F10809EF6C29E18CEBBD84409F04

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(magnification.dll,00000000,00000008), ref: 01016C69
                                                                                                      • GetProcAddress.KERNEL32(00000000,MagInitialize), ref: 01016C8F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID: MagInitialize$magnification.dll
                                                                                                      • API String ID: 2574300362-112552935
                                                                                                      • Opcode ID: 0913da4ec10bb8cff81cc49f62e3d67e5b2bcc5be6404c9e48df711564d017fd
                                                                                                      • Instruction ID: 9d229c18ced00dc048da01de50dc9a403da9b9a81cf841555d9267545a3e98fc
                                                                                                      • Opcode Fuzzy Hash: 0913da4ec10bb8cff81cc49f62e3d67e5b2bcc5be6404c9e48df711564d017fd
                                                                                                      • Instruction Fuzzy Hash: 99E0E672A813095EC6B53B766C47A263565AB40E22F10905EB6C39914DDBBE44416F04

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 252 fb5560-fb5573 253 fb5582-fb558a 252->253 254 fb5575-fb557d 252->254 255 fb55aa-fb55b9 call f61250 253->255 256 fb558c-fb558e 253->256 254->253 261 fb55bb-fb55cc InterlockedDecrement 255->261 262 fb55e0-fb5601 RegCreateKeyExA 255->262 257 fb5591-fb5596 256->257 257->257 260 fb5598-fb55a6 call f9c500 257->260 260->255 264 fb55ce-fb55d5 InterlockedIncrement 261->264 265 fb55d7-fb55d9 261->265 264->262 265->262 267 fb55db call fbf5a0 265->267 267->262
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FB55BC
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FB55CF
                                                                                                      • RegCreateKeyExA.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,?,00000000,00000000,00F6251A), ref: 00FB55F6
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$CreateCriticalDecrementEnterIncrementSection
                                                                                                      • String ID:
                                                                                                      • API String ID: 1633325982-0
                                                                                                      • Opcode ID: 0ad6a8650f8c585f5bcaefc550a8ebf6d12a6708a48066ad78a443da5c78d84d
                                                                                                      • Instruction ID: 9fcd7c140a34375278d299b04b844e42634dc57d97de94c7681e03a19490fc36
                                                                                                      • Opcode Fuzzy Hash: 0ad6a8650f8c585f5bcaefc550a8ebf6d12a6708a48066ad78a443da5c78d84d
                                                                                                      • Instruction Fuzzy Hash: 471106325043116FD3328B02CC49FAB77EDEF84B15F288519F98197041D73CEA055BA0

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 283 fb54e0-fb54e9 call fb5610 286 fb54eb-fb54ef 283->286 287 fb54fe-fb5504 283->287 286->287 288 fb54f1-fb54f8 RegCloseKey 286->288 289 fb5506-fb5517 InterlockedDecrement 287->289 290 fb5535-fb553b 287->290 288->287 293 fb5519-fb5520 InterlockedIncrement 289->293 294 fb5522-fb5524 289->294 291 fb553d-fb5543 call ffd70f 290->291 292 fb5546-fb5551 290->292 291->292 295 fb552e 293->295 294->295 296 fb5526-fb5529 call fbf5a0 294->296 295->290 296->295
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FB5610: RegCloseKey.ADVAPI32(00000000,?,?,?,00000000,00F625C4), ref: 00FB5650
                                                                                                      • RegCloseKey.KERNEL32(00000000,00F6261A), ref: 00FB54F2
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FB5507
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FB551A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: CloseInterlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2759496715-0
                                                                                                      • Opcode ID: 207f8372e9fd4eac6d24f59f8388cefc1be5ffb411837bc105d6cd29f5afb7b5
                                                                                                      • Instruction ID: aebdfa654c51e5b76f7e62ee8bdafa3cf9d8d26d06e7d11733736288de9cbc97
                                                                                                      • Opcode Fuzzy Hash: 207f8372e9fd4eac6d24f59f8388cefc1be5ffb411837bc105d6cd29f5afb7b5
                                                                                                      • Instruction Fuzzy Hash: E0F09671900E17ABDB316F26DD087A6B35ABF04B26F08C120EC15D7544E73DE960AF90

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 300 fcf090-fcf09a 301 fcf09c-fcf0aa KiUserCallbackDispatcher 300->301 302 fcf0b6-fcf0b9 300->302 307 fcf0b0-fcf0b3 301->307 303 fcf0bb-fcf0d0 EndDialog 302->303 304 fcf0d3-fcf0d6 302->304 306 fcf0d8-fcf0e2 304->306 304->307
                                                                                                      APIs
                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 00FCF0AA
                                                                                                      • EndDialog.USER32(?,00000000), ref: 00FCF0C7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CallbackDialogDispatcherUser
                                                                                                      • String ID:
                                                                                                      • API String ID: 1009233506-0
                                                                                                      • Opcode ID: cf8d0ce10d553c07cd0103852eb1ed5d78ed82a876b6d71b4df71dbbb2ceccc2
                                                                                                      • Instruction ID: 854c28424c9e5e687213cd0475916a041ddc0448fa04807af2452dac5f6cce24
                                                                                                      • Opcode Fuzzy Hash: cf8d0ce10d553c07cd0103852eb1ed5d78ed82a876b6d71b4df71dbbb2ceccc2
                                                                                                      • Instruction Fuzzy Hash: ABF0F4365401119FCB20DF68D585EDBB3E9FFAE310712885AF185C7215CA35DC8597D1

                                                                                                      Control-flow Graph
                                                                                                      control_flow_graph 310 1000b76-1000b87 call 1000b4b ExitProcess
                                                                                                      APIs
                                                                                                      • ___crtCorExitProcess.LIBCMT ref: 01000B7E
                                                                                                        • Part of subcall function 01000B4B: GetModuleHandleW.KERNEL32(mscoree.dll,?,01000B83,?,?,00FFD1B3,000000FF,0000001E,?,010061D5,?,00000001,?,?,010021D1,00000018), ref: 01000B55
                                                                                                        • Part of subcall function 01000B4B: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 01000B65
                                                                                                      • ExitProcess.KERNEL32 ref: 01000B87
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                      • String ID:
                                                                                                      • API String ID: 2427264223-0
                                                                                                      • Opcode ID: 453c471ebb04f8ee482cf2855e027118f40d348bc5b0bed2ce589c4e49421a7a
                                                                                                      • Instruction ID: dfef18bf8f60341923d2c7e09abf35bf18eaada417c91e766c2170783444650e
                                                                                                      • Opcode Fuzzy Hash: 453c471ebb04f8ee482cf2855e027118f40d348bc5b0bed2ce589c4e49421a7a
                                                                                                      • Instruction Fuzzy Hash: 2BB0923100010CBFDB122F12DC09C897F2AEB816A0B108025F94809065DF76EE929A91

                                                                                                      Control-flow Graph
                                                                                                      control_flow_graph 313 fb56e0-fb56e8 314 fb56ea-fb56ed 313->314 315 fb56ef 313->315 316 fb56f1-fb571a RegQueryValueExA 314->316 315->316 317 fb571c-fb571f 316->317 318 fb5721-fb5724 316->318 317->318
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: QueryValue
                                                                                                      • String ID:
                                                                                                      • API String ID: 3660427363-0
                                                                                                      • Opcode ID: c23bcb9a66383b8714b4a26d69a4842519e948acbb671305f535c146a10f936c
                                                                                                      • Instruction ID: 6d898a578d08e9e2d0afd545e86ba4665662201a17d527c5c9312beac9790565
                                                                                                      • Opcode Fuzzy Hash: c23bcb9a66383b8714b4a26d69a4842519e948acbb671305f535c146a10f936c
                                                                                                      • Instruction Fuzzy Hash: 90F039B66046009FD350DF59C884F56B7F9AB98B00F24C92CE5C9C7204E376E809DF62

                                                                                                      Control-flow Graph
                                                                                                      control_flow_graph 319 100209b-10020bd HeapCreate 320 10020c1-10020ca 319->320 321 10020bf-10020c0 319->321
                                                                                                      APIs
                                                                                                      • HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 010020B0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateHeap
                                                                                                      • String ID:
                                                                                                      • API String ID: 10892065-0
                                                                                                      • Opcode ID: 4cfd008f5c2af66cead967c6202580c10c1a3a247f31d6acc999fed832079c68
                                                                                                      • Instruction ID: 9bbd9059dbf974e44ae4c08210c43c4eccd180656e49d42d4b4c494cbf2882b5
                                                                                                      • Opcode Fuzzy Hash: 4cfd008f5c2af66cead967c6202580c10c1a3a247f31d6acc999fed832079c68
                                                                                                      • Instruction Fuzzy Hash: 0BD05E76550309AEEB219F757C09B223BDC93843A5F148436B88DC6185F67AC681CB00
                                                                                                      APIs
                                                                                                      • _doexit.LIBCMT ref: 01000D9E
                                                                                                        • Part of subcall function 01000C66: __lock.LIBCMT ref: 01000C74
                                                                                                        • Part of subcall function 01000C66: __decode_pointer.LIBCMT ref: 01000CAB
                                                                                                        • Part of subcall function 01000C66: __decode_pointer.LIBCMT ref: 01000CC0
                                                                                                        • Part of subcall function 01000C66: __decode_pointer.LIBCMT ref: 01000CEA
                                                                                                        • Part of subcall function 01000C66: __decode_pointer.LIBCMT ref: 01000D00
                                                                                                        • Part of subcall function 01000C66: __decode_pointer.LIBCMT ref: 01000D0D
                                                                                                        • Part of subcall function 01000C66: __initterm.LIBCMT ref: 01000D3C
                                                                                                        • Part of subcall function 01000C66: __initterm.LIBCMT ref: 01000D4C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                                                      • String ID:
                                                                                                      • API String ID: 1597249276-0
                                                                                                      • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                                      • Instruction ID: 69fc3107d44d860469a54bb0cfd091fb93888cad8493561f26fa57ab63cb8296
                                                                                                      • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                                      • Instruction Fuzzy Hash: 01B0127358030C77EA312642EC03F473F0D87D0BA0F240020FA0C1D1E0E9A3BA6180CA
                                                                                                      APIs
                                                                                                      • FreeLibrary.KERNEL32(73900000), ref: 010171BA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FreeLibrary
                                                                                                      • String ID:
                                                                                                      • API String ID: 3664257935-0
                                                                                                      • Opcode ID: 7408e75ab2fb5b7fe077ca51a43d1f297b31604c333c4473b8715d08046e16f4
                                                                                                      • Instruction ID: f5c939304bf9c6c18cb038c3782154fd6f45e9544868b26bfdeb09b2cb05ce98
                                                                                                      • Opcode Fuzzy Hash: 7408e75ab2fb5b7fe077ca51a43d1f297b31604c333c4473b8715d08046e16f4
                                                                                                      • Instruction Fuzzy Hash: E9B012706001014B9E218BA99C48A0137AD97012003044040B480C2008C62DD100CF14
                                                                                                      APIs
                                                                                                      • FreeLibrary.KERNEL32(6E3D0000), ref: 010171DA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FreeLibrary
                                                                                                      • String ID:
                                                                                                      • API String ID: 3664257935-0
                                                                                                      • Opcode ID: efa9749fe91125510091df821875f4fe63a31828a9ec3655c95523e8e869446b
                                                                                                      • Instruction ID: d3a76d0b040a08e15283adee66e815c344d6804129010beb13dbc6b4cbfc6193
                                                                                                      • Opcode Fuzzy Hash: efa9749fe91125510091df821875f4fe63a31828a9ec3655c95523e8e869446b
                                                                                                      • Instruction Fuzzy Hash: 55B001B1A102019BAE629B69A94AA163AADAB41681314C495BD81D2149DA2EE600CF24
                                                                                                      APIs
                                                                                                      • FreeLibrary.KERNEL32(6E470000), ref: 0101734A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FreeLibrary
                                                                                                      • String ID:
                                                                                                      • API String ID: 3664257935-0
                                                                                                      • Opcode ID: 92895e16b2dd4f36b47336dd8b68929f53e33b38d2d4863705c385e1828a115b
                                                                                                      • Instruction ID: 6906fe351a9c2e1d01bf3d3189c115220a965bab9c6b181e6cffee80de219d62
                                                                                                      • Opcode Fuzzy Hash: 92895e16b2dd4f36b47336dd8b68929f53e33b38d2d4863705c385e1828a115b
                                                                                                      • Instruction Fuzzy Hash: 3EB012726001005F9E619B359848A1137AC6B4060030880446D80D1008C62ED140DF10
                                                                                                      APIs
                                                                                                      • FreeLibrary.KERNEL32(6C920000), ref: 010173AA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FreeLibrary
                                                                                                      • String ID:
                                                                                                      • API String ID: 3664257935-0
                                                                                                      • Opcode ID: c11ff6af8be3ab47c1b8bf7dc60bdc7f1dab49b71db2dbc87fc15230a0833e0f
                                                                                                      • Instruction ID: 2e199e8484b4ca261f3c76f5073588b8e352011935b196265dd31eeab35b8dfe
                                                                                                      • Opcode Fuzzy Hash: c11ff6af8be3ab47c1b8bf7dc60bdc7f1dab49b71db2dbc87fc15230a0833e0f
                                                                                                      • Instruction Fuzzy Hash: 57B001B2A102019BAE62AB69AD49A267BACAB41641704C495AD81D3148DA2EE600CF24
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __time64
                                                                                                      • String ID: flux/changeloc$flux/exit$flux/expandcolor$flux/extraknob$flux/hamburger$flux/mainslider$flux/planetslider0$flux/planetslider1$flux/planetslider2$flux/preset$flux/presetback$flux/preview$flux/stepdown$flux/stepup$flux/wrench
                                                                                                      • API String ID: 399556195-1183314627
                                                                                                      • Opcode ID: 2cc2e68e219fe9812163433b17f2ed003dd66ac8cae6b687d73687c77bf591e4
                                                                                                      • Instruction ID: 3b4d1bbf1f9dc0479ec97d3d5767a70f5f3f0aec175a761cc3c57f6f04f9e734
                                                                                                      • Opcode Fuzzy Hash: 2cc2e68e219fe9812163433b17f2ed003dd66ac8cae6b687d73687c77bf591e4
                                                                                                      • Instruction Fuzzy Hash: C6321A32A042504BC721DF3488D07BEB752AF56760F58C66FE88D9B142DB26D889E7C3
                                                                                                      APIs
                                                                                                      • lstrcmpiA.KERNEL32(?,Delete), ref: 00FC5188
                                                                                                      • lstrcmpiA.KERNEL32(?,ForceRemove), ref: 00FC5197
                                                                                                      • CharNextA.USER32(?,?), ref: 00FC51E6
                                                                                                      • lstrlenA.KERNEL32(?,?,?,?), ref: 00FC525F
                                                                                                      • lstrcmpiA.KERNEL32(?,NoRemove), ref: 00FC52C1
                                                                                                      • lstrcmpiA.KERNEL32(?,Val), ref: 00FC52EB
                                                                                                      • RegDeleteValueA.ADVAPI32(?,?,00020006,?,?), ref: 00FC53B9
                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00FC53D1
                                                                                                      • CharNextA.USER32(?,?,?,00000000,00FC50E5,?,00000000,00000000,00000000), ref: 00FC5406
                                                                                                      • RegOpenKeyExA.ADVAPI32(?,?,00000000,0002001F,00000000,?,?,00000000,00FC50E5,?,00000000,00000000,00000000), ref: 00FC543E
                                                                                                      • RegCloseKey.ADVAPI32(0000007B,?,?,00000000,00FC50E5,?,00000000,00000000,00000000), ref: 00FC5453
                                                                                                      • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,00000000,?,?,00000000,00FC50E5,?,00000000,00000000,00000000), ref: 00FC5480
                                                                                                      • RegCloseKey.ADVAPI32(0000007B,?,?,00000000,00FC50E5,?,00000000,00000000,00000000), ref: 00FC5495
                                                                                                      • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,00000000,?,?,00000000,00FC50E5,?,00000000,00000000,00000000), ref: 00FC5524
                                                                                                      • RegCloseKey.ADVAPI32(0000007B,?,?,00000000,00FC50E5,?,00000000,00000000,00000000), ref: 00FC5539
                                                                                                      • __cftof.LIBCMT ref: 00FC556B
                                                                                                      • lstrlenA.KERNEL32(?,?), ref: 00FC55A6
                                                                                                      • RegCloseKey.ADVAPI32(?,?), ref: 00FC5684
                                                                                                        • Part of subcall function 00FC3540: RegCloseKey.ADVAPI32(00000000,00FC56F9,?,?), ref: 00FC3547
                                                                                                      • RegCloseKey.ADVAPI32(0000007B,?,?,?,00000000,00FC50E5,?,00000000,00000000,00000000), ref: 00FC5750
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Close$lstrcmpi$Open$CharNextlstrlen$DeleteValue__cftof
                                                                                                      • String ID: Delete$ForceRemove$NoRemove$Val
                                                                                                      • API String ID: 1055237396-1781481701
                                                                                                      • Opcode ID: 6da26380f756299f83f07f2c4bada27dd03c531a2f88d3a21ad8b4e90d4cec73
                                                                                                      • Instruction ID: 568d9bf40bc721ab24a2de0df2a967271d50d572bf536e1d8286b91446b9d950
                                                                                                      • Opcode Fuzzy Hash: 6da26380f756299f83f07f2c4bada27dd03c531a2f88d3a21ad8b4e90d4cec73
                                                                                                      • Instruction Fuzzy Hash: C802D271908B078BC721DF648A92F6FB7E9AFC4B50F14081DF58593201DB78ED85AB92
                                                                                                      APIs
                                                                                                      • GetForegroundWindow.USER32 ref: 00F74250
                                                                                                      • GetSystemMetrics.USER32(00001000), ref: 00F742C7
                                                                                                      • GetWindowThreadProcessId.USER32(?,?), ref: 00F742EA
                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 00F742F0
                                                                                                      • GetWindowRect.USER32(?,?), ref: 00F74525
                                                                                                      • GetSystemMetrics.USER32(00000001), ref: 00F74551
                                                                                                      • GetSystemMetrics.USER32(00000000), ref: 00F74560
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7475B
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7476A
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F74782
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F74791
                                                                                                        • Part of subcall function 00F61250: InterlockedDecrement.KERNEL32(00000000), ref: 00F6126F
                                                                                                        • Part of subcall function 00F61250: InterlockedIncrement.KERNEL32(00000000), ref: 00F6127E
                                                                                                        • Part of subcall function 00F61250: InterlockedIncrement.KERNEL32(00000000), ref: 00F612A0
                                                                                                        • Part of subcall function 00F61250: InterlockedDecrement.KERNEL32(00000000), ref: 00F612AF
                                                                                                        • Part of subcall function 00F61420: InterlockedDecrement.KERNEL32(?), ref: 00F6142C
                                                                                                        • Part of subcall function 00F61420: InterlockedIncrement.KERNEL32(?), ref: 00F6143F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$MetricsSystemWindow$Process$CurrentForegroundRectThread
                                                                                                      • String ID: explorer.exe$f.lux is disabled$flux.exe$flux_d.exe$for %s
                                                                                                      • API String ID: 4186391536-2399668114
                                                                                                      • Opcode ID: d235c249f74d11bffbe984aeda259a3f35433fde47c8d5335254532fbc566499
                                                                                                      • Instruction ID: 04a1f514849d7e0404ed5423c476fb7bef5217d7e25b6926564f87745809b847
                                                                                                      • Opcode Fuzzy Hash: d235c249f74d11bffbe984aeda259a3f35433fde47c8d5335254532fbc566499
                                                                                                      • Instruction Fuzzy Hash: 3CF1C271A043418BD724DF24CC41BAEB7E4AF85354F048A1EF89D97181EB78EA49EB53
                                                                                                      APIs
                                                                                                      • __wsplitpath.LIBCMT ref: 00F9280C
                                                                                                        • Part of subcall function 0100055C: __splitpath_helper.LIBCMT ref: 0100059E
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F9284D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F92860
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$CriticalDecrementEnterIncrementSection__splitpath_helper__wsplitpath
                                                                                                      • String ID: preset
                                                                                                      • API String ID: 1304801485-744481842
                                                                                                      • Opcode ID: 62dcad7c945275a8d333ba9be128cac53dd6f4ae27456f3f8c713b656423aa69
                                                                                                      • Instruction ID: 15a667d0b8a57833f2f4fc407e177547d0486b883e685014fcec390c35f08a2f
                                                                                                      • Opcode Fuzzy Hash: 62dcad7c945275a8d333ba9be128cac53dd6f4ae27456f3f8c713b656423aa69
                                                                                                      • Instruction Fuzzy Hash: E0916273504341ABEB75EF64CC84AAF73A8AF84310F44492EF595D7141D738EA48EB92
                                                                                                      APIs
                                                                                                      • Sleep.KERNEL32(00000001,?), ref: 00F73255
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7331B
                                                                                                        • Part of subcall function 00FFD99F: _malloc.LIBCMT ref: 00FFD9B9
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: IncrementInterlockedSleep_malloc
                                                                                                      • String ID: $$\log\%d-%s.bmp$\log\%d8.bmp
                                                                                                      • API String ID: 2405944770-1811394144
                                                                                                      • Opcode ID: 5ccea11c70085d67e2e3f81edaa85611ba634be711c512e293306b3b6c3ec59b
                                                                                                      • Instruction ID: 5b98c7f395fcddf828a14b3fbfdf98d3f0d99dee85e1d6a03a080d0b2d894bda
                                                                                                      • Opcode Fuzzy Hash: 5ccea11c70085d67e2e3f81edaa85611ba634be711c512e293306b3b6c3ec59b
                                                                                                      • Instruction Fuzzy Hash: AAF18F719083419FC724DF29C88065EFBE1BF89300F04892EE99997351D774EA45EB93
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FFD99F: _malloc.LIBCMT ref: 00FFD9B9
                                                                                                      • Sleep.KERNEL32(00000001,?), ref: 00F73255
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7331B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: IncrementInterlockedSleep_malloc
                                                                                                      • String ID: $$\log\%d-%s.bmp$\log\%d8.bmp
                                                                                                      • API String ID: 2405944770-1811394144
                                                                                                      • Opcode ID: a4a13ec5013a4b17176f5c71bd17e5e3ade5f8cede1054308dcfd96d123bad66
                                                                                                      • Instruction ID: 5db175fe23c0ce306343cdaf4f63f51ed769db822c1e761e63fa83799d1e9abd
                                                                                                      • Opcode Fuzzy Hash: a4a13ec5013a4b17176f5c71bd17e5e3ade5f8cede1054308dcfd96d123bad66
                                                                                                      • Instruction Fuzzy Hash: EBD16E729087419FC724DF29C88065AFBE1BF89300F05892EE99997311DB75EA44EB93
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F734EE
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F73501
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: $$\log\%d-%s.bmp$\log\%d8.bmp
                                                                                                      • API String ID: 2172605799-1811394144
                                                                                                      • Opcode ID: 5eaf3ebd87ca0c16c93a861a710a5064cc564ca576b2ef6a1bd0347bc9559df0
                                                                                                      • Instruction ID: fb58a34e4eca597828590bc203f70e66850a856b92a46ba429617e450ebc2e28
                                                                                                      • Opcode Fuzzy Hash: 5eaf3ebd87ca0c16c93a861a710a5064cc564ca576b2ef6a1bd0347bc9559df0
                                                                                                      • Instruction Fuzzy Hash: C19161729087529FC724DF28C88166EB7E1FFC5300F05892EE9D997311DB34EA45AB92
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F88616
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F88625
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F88664
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F88839
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F88848
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8885E
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8886D
                                                                                                        • Part of subcall function 00FBF5A0: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF616
                                                                                                        • Part of subcall function 00FFD74D: __wcstoi64.LIBCMT ref: 00FFD759
                                                                                                        • Part of subcall function 00F61420: InterlockedDecrement.KERNEL32(?), ref: 00F6142C
                                                                                                        • Part of subcall function 00F61420: InterlockedIncrement.KERNEL32(?), ref: 00F6143F
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F88673
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalSection$EnterLeave__wcstoi64
                                                                                                      • String ID:
                                                                                                      • API String ID: 154746636-0
                                                                                                      • Opcode ID: 0f39a7e8e59bccb000d89b819b2df7fe3f2e31170075e3ed6968757a1b4698b2
                                                                                                      • Instruction ID: 3ee2ce63252e2e8ff2e53bbe238445cb14f8e84d8208d50c69c27a4ea8bcfc38
                                                                                                      • Opcode Fuzzy Hash: 0f39a7e8e59bccb000d89b819b2df7fe3f2e31170075e3ed6968757a1b4698b2
                                                                                                      • Instruction Fuzzy Hash: 55D15A32A043049BD710FA32CC817ABB3A4AF553D0F988619FD85BB191EF39E946B751
                                                                                                      APIs
                                                                                                      • IsWindowVisible.USER32(?), ref: 00FA4ED4
                                                                                                      • IsIconic.USER32(?), ref: 00FA4EE2
                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00FA4EEC
                                                                                                      • ShowWindowAsync.USER32(?), ref: 00FA4F0C
                                                                                                      • ShowWindow.USER32(?,-00000008), ref: 00FA4F26
                                                                                                      • SetForegroundWindow.USER32(?), ref: 00FA4F34
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: Window$Show$AsyncCurrentForegroundIconicThreadVisible
                                                                                                      • String ID:
                                                                                                      • API String ID: 3229366112-0
                                                                                                      • Opcode ID: 94f6fe4768c85f021c4d57ee6df00f98aaff2d0bc88ef67a5ded4c89d2bd1397
                                                                                                      • Instruction ID: 078efd08f6acf5dcc54afb042a6e3dd67d4b7f774a6e68a1e27c50ea6f6d5352
                                                                                                      • Opcode Fuzzy Hash: 94f6fe4768c85f021c4d57ee6df00f98aaff2d0bc88ef67a5ded4c89d2bd1397
                                                                                                      • Instruction Fuzzy Hash: 2A0175B26946009F97249B79D899A6773E8BB91325318CA1EF492C3184DBBDF900DB20
                                                                                                      APIs
                                                                                                      • GetLastError.KERNEL32(?,00FCF1BE,?,?,00F7A053,?), ref: 00FA6F01
                                                                                                      • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,?,00FCF1BE,?,?,00F7A053,?), ref: 00FA6F21
                                                                                                      • MessageBoxA.USER32(00000000,?,Error,00000040), ref: 00FA6F3A
                                                                                                      • LocalFree.KERNEL32(00000000,?,Error,00000040,?,00FCF1BE,?,?,00F7A053,?), ref: 00FA6F44
                                                                                                        • Part of subcall function 00FA6820: IsWindow.USER32(00000000), ref: 00FA683C
                                                                                                        • Part of subcall function 00FA6820: IsWindowVisible.USER32(00000000), ref: 00FA684C
                                                                                                        • Part of subcall function 00FA6820: PostMessageA.USER32(00000000,00000010,00000000,00000000), ref: 00FA6862
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: Message$Window$ErrorFormatFreeLastLocalPostVisible
                                                                                                      • String ID: Error
                                                                                                      • API String ID: 1960856411-2619118453
                                                                                                      • Opcode ID: 0816b7629bc60243e1d768f8a3859518550ce8ecfb2cc597e041676747674cef
                                                                                                      • Instruction ID: f76e6c4f83434faed7a7f0304ee9e9e8c1dcf46e86fa4dc263bfb32213c35c9b
                                                                                                      • Opcode Fuzzy Hash: 0816b7629bc60243e1d768f8a3859518550ce8ecfb2cc597e041676747674cef
                                                                                                      • Instruction Fuzzy Hash: 22E012B4284300BFE2255B60DC5AF663769EB48F42F10850DF7C1D91C4DBBDA5008B25
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: CounterPerformanceQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2783962273-0
                                                                                                      • Opcode ID: 49edca168921978537f511c5688e990439633b2cc426ac63e154d7a629797937
                                                                                                      • Instruction ID: 46c35f6b20dd5a98555b900dca5c2a80ddb215658dc993597ce4a8f2c178e0a0
                                                                                                      • Opcode Fuzzy Hash: 49edca168921978537f511c5688e990439633b2cc426ac63e154d7a629797937
                                                                                                      • Instruction Fuzzy Hash: 80D15776D18B85CBD720DF2688802ABF7F5BFDA340F009B0EF49526151EB799484EB52
                                                                                                      APIs
                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 01001CB7
                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 01001CCC
                                                                                                      • UnhandledExceptionFilter.KERNEL32(01018CB4), ref: 01001CD7
                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 01001CF3
                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 01001CFA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                      • String ID:
                                                                                                      • API String ID: 2579439406-0
                                                                                                      • Opcode ID: 98e8db4f8d269361778c6e687011cea6f7488cd93c59d94da31ad26afc891375
                                                                                                      • Instruction ID: 76432b3dc340a6737118291f21011fc9353bacd1a9e12baddd0d03529b038f18
                                                                                                      • Opcode Fuzzy Hash: 98e8db4f8d269361778c6e687011cea6f7488cd93c59d94da31ad26afc891375
                                                                                                      • Instruction Fuzzy Hash: 4021CEBC900208DFD7A5DFA4E6886563BE4FB18310F50921AF5C89725CE77E9988CF85
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(00000002), ref: 00FD6213
                                                                                                      • InterlockedDecrement.KERNEL32(00000002), ref: 00FD6222
                                                                                                      • InterlockedIncrement.KERNEL32(00000002), ref: 00FD628A
                                                                                                      • InterlockedDecrement.KERNEL32(00000002), ref: 00FD6299
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-0
                                                                                                      • Opcode ID: cc8abc7b58df6cdad2f37ca09266b99710fa064fc4b53334cf19c52abfb905cd
                                                                                                      • Instruction ID: 0d62938ae4831465ab4c1316aaeeac89fec35b03d5f7d09f3a7ae0d0ac395f95
                                                                                                      • Opcode Fuzzy Hash: cc8abc7b58df6cdad2f37ca09266b99710fa064fc4b53334cf19c52abfb905cd
                                                                                                      • Instruction Fuzzy Hash: 76819531A047418FEB75CB28C488BAA77E7AF85314F1D465AD0AAC73E5CB35E846E710
                                                                                                      APIs
                                                                                                      • SystemParametersInfoA.USER32(0000005D,00000000,00000000,00000000), ref: 00F72A71
                                                                                                      • GetLocalTime.KERNEL32(?), ref: 00F72B34
                                                                                                      • SystemTimeToVariantTime.OLEAUT32(?,?), ref: 00F72B52
                                                                                                        • Part of subcall function 00F79B00: PostMessageA.USER32(?,00989681,00000000,00000000), ref: 00F79B83
                                                                                                        • Part of subcall function 00F79B00: __time64.LIBCMT ref: 00F79B8B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Time$System$InfoLocalMessageParametersPostVariant__time64
                                                                                                      • String ID:
                                                                                                      • API String ID: 724165156-0
                                                                                                      • Opcode ID: 18a87f01760e299d35a4b5625ef8fc88a6fa333609fe3c5b15310393588d1308
                                                                                                      • Instruction ID: 1639ca898023ea471b1a658ee25e58a6301890a7df380398657effa577a58f08
                                                                                                      • Opcode Fuzzy Hash: 18a87f01760e299d35a4b5625ef8fc88a6fa333609fe3c5b15310393588d1308
                                                                                                      • Instruction Fuzzy Hash: 30718D32A04A859AD376EB38C8417EAF7A4BF52350F08C706E4DC67192DB7C64D5E782
                                                                                                      APIs
                                                                                                      • CryptAcquireContextA.ADVAPI32(010C7090,00000000,00000000,00000001,F0000000,7591E7E0,0102F3C8), ref: 00F9106A
                                                                                                      • CryptGenRandom.ADVAPI32(00000000,00000010,7591E7E0,7591E7E0,0102F3C8), ref: 00F91092
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Crypt$AcquireContextRandom
                                                                                                      • String ID:
                                                                                                      • API String ID: 2163786899-0
                                                                                                      • Opcode ID: 8fccdb1e801bb11e91a0ddefcb123f0263c8e25c5f1f9526d6d60695818b27d0
                                                                                                      • Instruction ID: f06b623e2d4eb048e82e85372cb0f3c82d3e8add458a11e10376fd88df8ab151
                                                                                                      • Opcode Fuzzy Hash: 8fccdb1e801bb11e91a0ddefcb123f0263c8e25c5f1f9526d6d60695818b27d0
                                                                                                      • Instruction Fuzzy Hash: 7F01F531A043469FEB60EB34DD46B2E73E5BFC4704F50492DF185C70A2EB6A99849B82
                                                                                                      APIs
                                                                                                      • GetLocaleInfoA.KERNEL32(00000800,00000059,00000009,00000009,?,?,?,?,?,?,?,?,?,?,00F91E2B), ref: 00FA895F
                                                                                                      • GetLocaleInfoA.KERNEL32(00000800,0000005A,?,00000009,?,?,?,?,?,?,?,?,?,00F91E2B), ref: 00FA8973
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InfoLocale
                                                                                                      • String ID:
                                                                                                      • API String ID: 2299586839-0
                                                                                                      • Opcode ID: 6136e214ccd68748cc0b57c3ac822e462bad3993dad39c87d5d1cd6e660d8c4b
                                                                                                      • Instruction ID: 9c1288b4914baf3147ae235be6fbc7ef968d2b39821b5ffdfff44ffbdc7f6a2a
                                                                                                      • Opcode Fuzzy Hash: 6136e214ccd68748cc0b57c3ac822e462bad3993dad39c87d5d1cd6e660d8c4b
                                                                                                      • Instruction Fuzzy Hash: F901B175A18705AED300DB14CC05BABB7E4AFD9700F00870DF18496180FBB4AA48CB83
                                                                                                      APIs
                                                                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 01012189
                                                                                                      • HeapFree.KERNEL32(00000000), ref: 01012190
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Heap$FreeProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 3859560861-0
                                                                                                      • Opcode ID: b304db8ad668244931ff59eea1e590da1ee3a039a0146e06195cbc4839bbe092
                                                                                                      • Instruction ID: 6e8030ad743c737677874e4da5d29af9197f8b8b775b632a9eb2b07fc4d7364b
                                                                                                      • Opcode Fuzzy Hash: b304db8ad668244931ff59eea1e590da1ee3a039a0146e06195cbc4839bbe092
                                                                                                      • Instruction Fuzzy Hash: 08D0C776440204EBCF606BD4B54CA963B5EE744616F504541F55DC6415C73FD5608B50
                                                                                                      APIs
                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_000A8FCF), ref: 01009016
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                      • String ID:
                                                                                                      • API String ID: 3192549508-0
                                                                                                      • Opcode ID: 0f2aba453896e7b871b9df729e76a94716a6e99800673d2358925b27f5c56826
                                                                                                      • Instruction ID: 0116aabe67783f2a1e0d791be7309c4197950bb5d8fb7820469c82e639cc90da
                                                                                                      • Opcode Fuzzy Hash: 0f2aba453896e7b871b9df729e76a94716a6e99800673d2358925b27f5c56826
                                                                                                      • Instruction Fuzzy Hash: D5900271A515444656512771591E4157696BE4850AB41845AA395C8048DF9942005611
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e440e5a357eb2521970d89d9395975466347332a6736753542d9a199f7ef8e00
                                                                                                      • Instruction ID: 5dfa565bb76d95dd65e7cd6d39f50da6abe3b70819cd117fa609c3f71ab0ecde
                                                                                                      • Opcode Fuzzy Hash: e440e5a357eb2521970d89d9395975466347332a6736753542d9a199f7ef8e00
                                                                                                      • Instruction Fuzzy Hash: E8113DB9D09209AF9B05DF99D9805EEFBB8FF09310F2045AAE815E3300D6715E51CBA5
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F63F90: _strncmp.LIBCMT ref: 00F63FCA
                                                                                                        • Part of subcall function 00F63F20: InterlockedIncrement.KERNEL32(?), ref: 00F63F46
                                                                                                        • Part of subcall function 00F63F20: InterlockedDecrement.KERNEL32(?), ref: 00F63F5B
                                                                                                        • Part of subcall function 00F63F20: InterlockedDecrement.KERNEL32(?), ref: 00F63F5E
                                                                                                        • Part of subcall function 00F63F20: InterlockedIncrement.KERNEL32(?), ref: 00F63F6D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7ACDE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7ACF3
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7ACF6
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7AD05
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7AD6D
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7AD7C
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7AD7F
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7AD8E
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7ADE6
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7ADF5
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7ADF8
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7AE07
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7AE5F
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7AE6E
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7AE71
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7AE80
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7AED8
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7AEE7
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7AEEA
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7AEF9
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7AF53
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7AF66
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7AF69
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7AF78
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$_strncmp
                                                                                                      • String ID: group$message$mode$promo$tag$url
                                                                                                      • API String ID: 2147874634-625312993
                                                                                                      • Opcode ID: d9d50e505eac778b255f22087ea75f3660d8d4ab1a5069f3e94c4b6ea3776624
                                                                                                      • Instruction ID: 4b38c67dad1ae66eb3ce207ed97091b05cb8f31f3f616020c17947ea14f0a7a4
                                                                                                      • Opcode Fuzzy Hash: d9d50e505eac778b255f22087ea75f3660d8d4ab1a5069f3e94c4b6ea3776624
                                                                                                      • Instruction Fuzzy Hash: FBB1D8B28057519BD735AB20CC85BAFB3A8EFC1700F05882AF588D7145DB7CDA05A7A7
                                                                                                      APIs
                                                                                                      • SysAllocString.OLEAUT32(Select * from Win32_VideoController), ref: 00FBB2E2
                                                                                                        • Part of subcall function 00FB69E0: SysAllocString.OLEAUT32(WQL), ref: 00FB6A05
                                                                                                      • SysFreeString.OLEAUT32(?), ref: 00FBB72E
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: String$Alloc$Free
                                                                                                      • String ID: AdapterCompatibility$Description$DriverDate$DriverVersion$Select * from Win32_VideoController$WQL
                                                                                                      • API String ID: 2383597386-139294824
                                                                                                      • Opcode ID: 414d54f44df93464cf7066a80c9f1ef3c23342dc4108d2953de81e9b1fae8049
                                                                                                      • Instruction ID: 775a7c63760fe487012b656577d04dcf272d12cd454243793ba7d3310eec0de3
                                                                                                      • Opcode Fuzzy Hash: 414d54f44df93464cf7066a80c9f1ef3c23342dc4108d2953de81e9b1fae8049
                                                                                                      • Instruction Fuzzy Hash: D6D138B29083459FC720DFA5CC80AAFB7E9AF84304F04492DF58597115DB78EE489FA2
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C682
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C695
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C6B0
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C6C3
                                                                                                      • timeGetTime.WINMM(?,?,?,?,?,?,?,?poll=1,?wait=1,?,?), ref: 00F8C716
                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?poll=1,?wait=1,?,?), ref: 00F8C730
                                                                                                      • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?poll=1,?wait=1,?,?), ref: 00F8C75F
                                                                                                      • timeGetTime.WINMM(?,?,?,?,?,?,?,?poll=1,?wait=1,?,?), ref: 00F8C775
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C7B1
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C7C0
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C7E2
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C7F5
                                                                                                      • DeleteUrlCacheEntry.WININET(00000000), ref: 00F8C823
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C87A
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C889
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C88C
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C89B
                                                                                                      • timeGetTime.WINMM(?,?,?,?,?,?,?,?,?poll=1,?wait=1,?,?), ref: 00F8C8D3
                                                                                                      • Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?poll=1,?wait=1,?,?), ref: 00F8C913
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C94D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C95C
                                                                                                      • Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?poll=1,?wait=1,?,?), ref: 00F8C990
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F8C99B
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F8C9AA
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C9DA
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C9ED
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F8CA30
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F8CA3F
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8CA57
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8CA66
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8CA7C
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8CA8B
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8CAE9
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8CAF8
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                        • Part of subcall function 00FBF5A0: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF616
                                                                                                        • Part of subcall function 00F61420: InterlockedDecrement.KERNEL32(?), ref: 00F6142C
                                                                                                        • Part of subcall function 00F61420: InterlockedIncrement.KERNEL32(?), ref: 00F6143F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$Timetime$CriticalPerformanceQuerySectionSleep$CacheCounterDeleteEnterEntryFrequencyLeave
                                                                                                      • String ID: ?poll=1$?wait=1
                                                                                                      • API String ID: 2274429618-3762540536
                                                                                                      • Opcode ID: 1bbfc380db9d8426bf06657c2db6f2c657bd180e5ffdbbb070d712d44b290cc0
                                                                                                      • Instruction ID: c5f8d14abc1ac587bad490063d3703df8834d9d4069c27750b9d921c0fd81947
                                                                                                      • Opcode Fuzzy Hash: 1bbfc380db9d8426bf06657c2db6f2c657bd180e5ffdbbb070d712d44b290cc0
                                                                                                      • Instruction Fuzzy Hash: AED1E2729046159FD321FF24DC847AEBBA8EF80360F144529E885E3145EB3DD949ABF2
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F80A60: InterlockedIncrement.KERNEL32(010C7098), ref: 00F80AAD
                                                                                                        • Part of subcall function 00F80A60: InterlockedDecrement.KERNEL32(?), ref: 00F80BA2
                                                                                                        • Part of subcall function 00F80A60: InterlockedIncrement.KERNEL32(?), ref: 00F80BB5
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F81482
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F81491
                                                                                                      • InterlockedDecrement.KERNEL32(0000002F), ref: 00F814AB
                                                                                                      • InterlockedIncrement.KERNEL32(0000002F), ref: 00F814BA
                                                                                                      • InterlockedDecrement.KERNEL32(0000002F), ref: 00F81571
                                                                                                      • InterlockedIncrement.KERNEL32(0000002F), ref: 00F81580
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8159A
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F815A9
                                                                                                      • InterlockedDecrement.KERNEL32(0000002F), ref: 00F81660
                                                                                                      • InterlockedIncrement.KERNEL32(0000002F), ref: 00F8166F
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F81689
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F81698
                                                                                                      • InterlockedDecrement.KERNEL32(0000002F), ref: 00F8174F
                                                                                                      • InterlockedIncrement.KERNEL32(0000002F), ref: 00F8175E
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F81778
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F81787
                                                                                                      • InterlockedDecrement.KERNEL32(0000002F), ref: 00F8183E
                                                                                                      • InterlockedIncrement.KERNEL32(0000002F), ref: 00F8184D
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F81867
                                                                                                      • InterlockedDecrement.KERNEL32(0000002F), ref: 00F8192F
                                                                                                      • InterlockedIncrement.KERNEL32(0000002F), ref: 00F8193E
                                                                                                      • InterlockedDecrement.KERNEL32(0000002F), ref: 00F819EA
                                                                                                      • InterlockedIncrement.KERNEL32(0000002F), ref: 00F819F9
                                                                                                        • Part of subcall function 00FBF5A0: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF616
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F81876
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Strings
                                                                                                      • Read the f.lux FAQ, xrefs: 00F81544
                                                                                                      • https://justgetflux.com/windows/forum.html, xrefs: 00F8160E
                                                                                                      • https://justgetflux.com/windows/release.html, xrefs: 00F816FD
                                                                                                      • https://justgetflux.com/windows/support.html, xrefs: 00F8151F
                                                                                                      • https://justgetflux.com/windows/contribute.html, xrefs: 00F81428
                                                                                                      • Visit the f.lux Forum, xrefs: 00F81633
                                                                                                      • fluxometer.com: some models of how light affects you, xrefs: 00F81811
                                                                                                      • https://justgetflux.com/windows/moreabout.html, xrefs: 00F817EC
                                                                                                      • Make a donation to support f.lux, xrefs: 00F8144F
                                                                                                      • Read release notes, xrefs: 00F81722
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$Increment$Decrement$CriticalSection$EnterLeave
                                                                                                      • String ID: Make a donation to support f.lux$Read release notes$Read the f.lux FAQ$Visit the f.lux Forum$fluxometer.com: some models of how light affects you$https://justgetflux.com/windows/contribute.html$https://justgetflux.com/windows/forum.html$https://justgetflux.com/windows/moreabout.html$https://justgetflux.com/windows/release.html$https://justgetflux.com/windows/support.html
                                                                                                      • API String ID: 1600655804-1525489394
                                                                                                      • Opcode ID: 25d05d8a5332227dc3d9c07f39fecabc6eb540bb55bdcaab5e120a1258c55fc2
                                                                                                      • Instruction ID: 82a852cbf44713726dd84a40da913feb7ccf141a55e45f02c38ec3fb33acc917
                                                                                                      • Opcode Fuzzy Hash: 25d05d8a5332227dc3d9c07f39fecabc6eb540bb55bdcaab5e120a1258c55fc2
                                                                                                      • Instruction Fuzzy Hash: 76F1EB72914B455ED222EF31C852BDEF36CBF56780F04CB1AF447B1042EB2CA596AB61
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7A684
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7A699
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7A69C
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7A6AB
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7A70D
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7A71C
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7A71F
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7A72E
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7A782
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7A795
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: group$mode$offer$tag$version
                                                                                                      • API String ID: 2172605799-2963570860
                                                                                                      • Opcode ID: 709024187efbf78ac58cd4aea4a02c74010f0d149382d322e7c32a2ac91d6807
                                                                                                      • Instruction ID: 5f4075906c1d21ea42da9725e1a5be722c831cf05cbb1c4ef07f25d0df25e952
                                                                                                      • Opcode Fuzzy Hash: 709024187efbf78ac58cd4aea4a02c74010f0d149382d322e7c32a2ac91d6807
                                                                                                      • Instruction Fuzzy Hash: B8D1A4724147119BD725EB20CC81B6FB3A8AFC1714F06892EF999D7141DB3CDA05ABA3
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F96990: InterlockedIncrement.KERNEL32(?), ref: 00F969B8
                                                                                                        • Part of subcall function 00F96990: InterlockedDecrement.KERNEL32(?), ref: 00F969C7
                                                                                                        • Part of subcall function 00F96990: InterlockedIncrement.KERNEL32(?), ref: 00F969ED
                                                                                                        • Part of subcall function 00F96990: InterlockedDecrement.KERNEL32(?), ref: 00F969FC
                                                                                                        • Part of subcall function 00F96990: InterlockedDecrement.KERNEL32(?), ref: 00F96A1C
                                                                                                        • Part of subcall function 00F96990: InterlockedIncrement.KERNEL32(?), ref: 00F96A2B
                                                                                                        • Part of subcall function 00F96990: InterlockedDecrement.KERNEL32(?), ref: 00F96A3D
                                                                                                        • Part of subcall function 00F96990: InterlockedIncrement.KERNEL32(?), ref: 00F96A4C
                                                                                                        • Part of subcall function 00F96CF0: InterlockedDecrement.KERNEL32(?), ref: 00F96D72
                                                                                                        • Part of subcall function 00F96CF0: InterlockedIncrement.KERNEL32(?), ref: 00F96D85
                                                                                                        • Part of subcall function 00F96CF0: InterlockedDecrement.KERNEL32(?), ref: 00F96DBD
                                                                                                        • Part of subcall function 00F96CF0: InterlockedIncrement.KERNEL32(?), ref: 00F96DD0
                                                                                                        • Part of subcall function 00F96CF0: InterlockedIncrement.KERNEL32(?), ref: 00F96E26
                                                                                                        • Part of subcall function 00F96CF0: InterlockedDecrement.KERNEL32(?), ref: 00F96E39
                                                                                                      • __wsplitpath.LIBCMT ref: 00F963F8
                                                                                                        • Part of subcall function 0100055C: __splitpath_helper.LIBCMT ref: 0100059E
                                                                                                        • Part of subcall function 00FC12F0: URLDownloadToCacheFileA.URLMON(00000000,00000000,?,00000104,00000000,00000000), ref: 00FC132C
                                                                                                      • GetAsyncKeyState.USER32(00000010), ref: 00F9649F
                                                                                                      • MessageBeep.USER32(00000000), ref: 00F96503
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96587
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F9659A
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F965BE
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F965D1
                                                                                                      • Sleep.KERNEL32(000003E8,?,?,?,?,?), ref: 00F965EB
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96730
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F967DB
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F967EE
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F96827
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F9683A
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96868
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F9687B
                                                                                                        • Part of subcall function 00F61420: InterlockedDecrement.KERNEL32(?), ref: 00F6142C
                                                                                                        • Part of subcall function 00F61420: InterlockedIncrement.KERNEL32(?), ref: 00F6143F
                                                                                                        • Part of subcall function 00FBF5A0: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF616
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F96743
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F968E3
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F968F6
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96928
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F96937
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96951
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F96960
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2232639240.00000000010C7000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2232693230.00000000010CA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalSection$AsyncBeepCacheDownloadEnterFileLeaveMessageSleepState__splitpath_helper__wsplitpath
                                                                                                      • String ID: POST$Pairing$Push the button on your Hue$Software\f.lux Software LLC\hue$link button$not available for resource$success$unauthorized user$username${"devicetype":"f.lux"}
                                                                                                      • API String ID: 1428179892-1240875123
                                                                                                      • Opcode ID: d4da986473a300d054966acdf78fb46357b50dd6601136c3dbbf8f4febb9c6fb
                                                                                                      • Instruction ID: ac794501370bac9224d252aaad9b6636463bec42ff650f1e0b0626daec05599b
                                                                                                      • Opcode Fuzzy Hash: d4da986473a300d054966acdf78fb46357b50dd6601136c3dbbf8f4febb9c6fb
                                                                                                      • Instruction Fuzzy Hash: 3DF1DE728083429BDB31EF64CD81A9FB7E8AF84314F04492DF585D7141DB38EA48EB92
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • SETUP: freeing Capture Graph , xrefs: 00F85610
                                                                                                      • SETUP: freeing Renderer , xrefs: 00F854EB
                                                                                                      • SETUP: freeing Control , xrefs: 00F8556B
                                                                                                      • SETUP: freeing Media Event , xrefs: 00F8558B, 00F855E5
                                                                                                      • SETUP: freeing Media Type , xrefs: 00F855CB
                                                                                                      • SETUP: freeing Grabber Callback, xrefs: 00F85445
                                                                                                      • ERROR - Could not stop pControl, xrefs: 00F854B8
                                                                                                      • SETUP: freeing Stream , xrefs: 00F855AB
                                                                                                      • SETUP: freeing Main Graph , xrefs: 00F85630
                                                                                                      • SETUP: freeing Grabber , xrefs: 00F8554B
                                                                                                      • SETUP: Device %i disconnected and freed, xrefs: 00F856A0
                                                                                                      • SETUP: freeing Capture Source , xrefs: 00F8550B
                                                                                                      • SETUP: Disconnecting device %i, xrefs: 00F85421
                                                                                                      • SETUP: freeing Grabber Filter , xrefs: 00F8552B
                                                                                                      • ERROR - Could not pause pControl, xrefs: 00F8549C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _printf$__ftbuf__output_l__stbuf
                                                                                                      • String ID: SETUP: Disconnecting device %i$ERROR - Could not pause pControl$ERROR - Could not stop pControl$SETUP: Device %i disconnected and freed$SETUP: freeing Capture Graph $SETUP: freeing Capture Source $SETUP: freeing Control $SETUP: freeing Grabber $SETUP: freeing Grabber Callback$SETUP: freeing Grabber Filter $SETUP: freeing Main Graph $SETUP: freeing Media Event $SETUP: freeing Media Type $SETUP: freeing Renderer $SETUP: freeing Stream
                                                                                                      • API String ID: 3971572023-3346935020
                                                                                                      • Opcode ID: 2e9500edbc3a2eb0f96980990b2719cc5f27bea4e87f556fbcd6e281884f3238
                                                                                                      • Instruction ID: 528c59d94aa4ca65e6127df963183e2fabd37568c8b28343df4a5a9820723470
                                                                                                      • Opcode Fuzzy Hash: 2e9500edbc3a2eb0f96980990b2719cc5f27bea4e87f556fbcd6e281884f3238
                                                                                                      • Instruction Fuzzy Hash: 479131B5A00E56AFC710FFA5CCD1865B366BF487183584128E6098BB22D739FC61EBD1
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C30E
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C31D
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C320
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C32F
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C35B
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C36A
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C36D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C37C
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C3AE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C3BD
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C3C0
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C3CF
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C3FB
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C40E
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C411
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C420
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C44C
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C45B
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C471
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C480
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C498
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C4A7
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8C4C7
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8C4DA
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalEnterSection
                                                                                                      • String ID: beta$pro
                                                                                                      • API String ID: 880407097-2703637827
                                                                                                      • Opcode ID: e8b8303057355168249a7c5e387e910c77bb01051afb4be088f7bd0c5e628ae6
                                                                                                      • Instruction ID: 2002a10dcac702e5448e13f139255c81cb6da611ddde754f6554f971e9ad8c86
                                                                                                      • Opcode Fuzzy Hash: e8b8303057355168249a7c5e387e910c77bb01051afb4be088f7bd0c5e628ae6
                                                                                                      • Instruction Fuzzy Hash: E991AF725042014BD720FA34CC91BFE7298EF90764F488939E885D7196EA3DDA49A7F2
                                                                                                      APIs
                                                                                                      • RegisterHotKey.USER32(?,00000001,00000001,00000021), ref: 00F747EC
                                                                                                      • RegisterHotKey.USER32(?,00000002,00000001,00000022), ref: 00F74801
                                                                                                      • RegisterHotKey.USER32(?,00000003,00000005,00000021), ref: 00F74816
                                                                                                      • RegisterHotKey.USER32(?,00000004,00000005,00000022), ref: 00F7482B
                                                                                                      • RegisterHotKey.USER32(?,00000005,00000001,00000023), ref: 00F74840
                                                                                                      • RegisterHotKey.USER32(?,00000006,00000005,00000023), ref: 00F74855
                                                                                                      • RegisterHotKey.USER32(?,00000007,00000008,00000023), ref: 00F7486A
                                                                                                      • RegisterHotKey.USER32(?,00000065,00000001,0000007A), ref: 00F7488A
                                                                                                      • RegisterHotKey.USER32(?,00000066,00000001,0000007B), ref: 00F7489F
                                                                                                      • RegisterHotKey.USER32(?,00000067,00000005,0000007A), ref: 00F748B4
                                                                                                      • RegisterHotKey.USER32(?,00000068,00000005,0000007B), ref: 00F748C9
                                                                                                      • RegisterHotKey.USER32(?,00000069,00000001,00000079), ref: 00F748DE
                                                                                                      • RegisterHotKey.USER32(?,0000006A,00000005,00000079), ref: 00F748F3
                                                                                                      • RegisterHotKey.USER32(?,0000006B,00000008,00000079), ref: 00F74908
                                                                                                      • UnregisterHotKey.USER32(?,00000001), ref: 00F7491E
                                                                                                      • UnregisterHotKey.USER32(?,00000002), ref: 00F7492F
                                                                                                      • UnregisterHotKey.USER32(?,00000003), ref: 00F74940
                                                                                                      • UnregisterHotKey.USER32(?,00000004), ref: 00F74951
                                                                                                      • UnregisterHotKey.USER32(?,00000005), ref: 00F74962
                                                                                                      • UnregisterHotKey.USER32(?,00000006), ref: 00F74973
                                                                                                      • UnregisterHotKey.USER32(?,00000007), ref: 00F74984
                                                                                                      • UnregisterHotKey.USER32(?,00000065), ref: 00F74995
                                                                                                      • UnregisterHotKey.USER32(?,00000066), ref: 00F749A6
                                                                                                      • UnregisterHotKey.USER32(?,00000067), ref: 00F749B7
                                                                                                      • UnregisterHotKey.USER32(?,00000068), ref: 00F749C8
                                                                                                      • UnregisterHotKey.USER32(?,00000069), ref: 00F749D9
                                                                                                      • UnregisterHotKey.USER32(?,0000006A), ref: 00F749EA
                                                                                                      • UnregisterHotKey.USER32(?,0000006B), ref: 00F749FB
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: RegisterUnregister
                                                                                                      • String ID:
                                                                                                      • API String ID: 2330324139-0
                                                                                                      • Opcode ID: f87e236026c287a761c27e3d50aad271fe447c163e07a58c9831aed12df7281b
                                                                                                      • Instruction ID: 21aeee776ebea27dddf6fac993c17571891abffd50debe9e3a22706302020a7d
                                                                                                      • Opcode Fuzzy Hash: f87e236026c287a761c27e3d50aad271fe447c163e07a58c9831aed12df7281b
                                                                                                      • Instruction Fuzzy Hash: FF91CB74750600AFD268DFA8DC91F1EB3E6BF9CB00F114548E2459B3D1CA7AE981CBA5
                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(Dwmapi.dll,00000000,00000008), ref: 00F711DB
                                                                                                      • GetProcAddress.KERNEL32(00000000,DwmFlush), ref: 00F711F5
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00F7120A
                                                                                                      • _memset.LIBCMT ref: 00F7121F
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00F71264
                                                                                                      • timeGetTime.WINMM ref: 00F7132A
                                                                                                        • Part of subcall function 00FAAA40: QueryPerformanceCounter.KERNEL32(00000000,?,?,?), ref: 00FAAA4D
                                                                                                      • timeGetTime.WINMM ref: 00F7139C
                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 00F713B2
                                                                                                      • QueryPerformanceFrequency.KERNEL32(?), ref: 00F713E0
                                                                                                        • Part of subcall function 00FAAA40: timeGetTime.WINMM(?,?,?), ref: 00FAAA92
                                                                                                      • timeGetTime.WINMM ref: 00F713F6
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F71571
                                                                                                      • IsWindow.USER32(?), ref: 00F71598
                                                                                                      • SetWindowLongA.USER32(?,000000FC,?), ref: 00F715B6
                                                                                                      • DestroyWindow.USER32(?), ref: 00F715C9
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7160F
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7161E
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F71644
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F71653
                                                                                                      • FreeLibrary.KERNEL32(?), ref: 00F7166D
                                                                                                      Strings
                                                                                                      • Dwmapi.dll, xrefs: 00F711D2
                                                                                                      • Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aliquam accumsan enim in massa dapibus scelerisque a vitae diam. Nam ipsum sapien, porttitor sed eros fringilla, eleifend gravida sapien. Nullam accumsan leo in est viverra, id finibus lorem venenatis. I, xrefs: 00F712C4
                                                                                                      • DwmFlush, xrefs: 00F711EF
                                                                                                      • f.lux test, xrefs: 00F71231
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$IncrementTimetime$DecrementPerformanceQueryWindow$CounterLibrary$AddressDestroyFreeFrequencyLoadLongProc_memset
                                                                                                      • String ID: DwmFlush$Dwmapi.dll$Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aliquam accumsan enim in massa dapibus scelerisque a vitae diam. Nam ipsum sapien, porttitor sed eros fringilla, eleifend gravida sapien. Nullam accumsan leo in est viverra, id finibus lorem venenatis. I$f.lux test
                                                                                                      • API String ID: 2555513396-3521093872
                                                                                                      • Opcode ID: 61191c2b700477d8be24ce2d93c53dc1194dfeab8b2ea21bb1c385a891a6b9e8
                                                                                                      • Instruction ID: aa84715edaab368f22eb68672e6308abf043f71ee35565d588fda3f277c51c37
                                                                                                      • Opcode Fuzzy Hash: 61191c2b700477d8be24ce2d93c53dc1194dfeab8b2ea21bb1c385a891a6b9e8
                                                                                                      • Instruction Fuzzy Hash: B3E1DF71A047459FC721EF69C880A6EB7E4FF88710F148A1EF88997245DB38DD48DB92
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FAA930: QueryPerformanceCounter.KERNEL32(?,?,?,?), ref: 00FAA953
                                                                                                        • Part of subcall function 00FA8FD0: GetSystemPowerStatus.KERNEL32 ref: 00FA8FED
                                                                                                        • Part of subcall function 00FA8FD0: InterlockedIncrement.KERNEL32(010C70C0), ref: 00FA9015
                                                                                                        • Part of subcall function 00FA8FD0: SetThreadExecutionState.KERNEL32(80000041), ref: 00FA902D
                                                                                                      • Sleep.KERNEL32(000001F4), ref: 00F995E8
                                                                                                      • InterlockedDecrement.KERNEL32(010C70C0), ref: 00F995F3
                                                                                                      • SetThreadExecutionState.KERNEL32(80000000), ref: 00F99921
                                                                                                        • Part of subcall function 00FAAA40: QueryPerformanceCounter.KERNEL32(00000000,?,?,?), ref: 00FAAA4D
                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 00F9961D
                                                                                                      • timeGetTime.WINMM ref: 00F99631
                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 00F9964C
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F9966A
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F99683
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F996B0
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F996BF
                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?), ref: 00F996D9
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F997DD
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F997EC
                                                                                                      • Sleep.KERNEL32(000003E8), ref: 00F998BD
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F998CC
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F998DB
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F998F5
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F99904
                                                                                                      • InterlockedDecrement.KERNEL32(010C70C0), ref: 00F9991A
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                        • Part of subcall function 00FBF5A0: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF616
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$Decrement$Increment$CriticalSection$CounterPerformanceQuery$EnterExecutionLeaveSleepStateThread$PowerStatusSystemTimetime
                                                                                                      • String ID: &huect=%d$?ct=%d&bri=%f&unitfade=%f$POST
                                                                                                      • API String ID: 3693843181-3709995329
                                                                                                      • Opcode ID: 521c76dded5072c4c90e6f39ab5c2dc7b08e97234b41b8244f91bff400cf0fe2
                                                                                                      • Instruction ID: 77495c7fb69ff57de46dea94e1697da806b5a91ea23d555400426cdaf77194b6
                                                                                                      • Opcode Fuzzy Hash: 521c76dded5072c4c90e6f39ab5c2dc7b08e97234b41b8244f91bff400cf0fe2
                                                                                                      • Instruction Fuzzy Hash: 16C1B431818B848BDB339FB9CC4169EB7A4BF86340F15871FFC5966100EB79A681EB51
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F63F90: _strncmp.LIBCMT ref: 00F63FCA
                                                                                                        • Part of subcall function 00F63F20: InterlockedIncrement.KERNEL32(?), ref: 00F63F46
                                                                                                        • Part of subcall function 00F63F20: InterlockedDecrement.KERNEL32(?), ref: 00F63F5B
                                                                                                        • Part of subcall function 00F63F20: InterlockedDecrement.KERNEL32(?), ref: 00F63F5E
                                                                                                        • Part of subcall function 00F63F20: InterlockedIncrement.KERNEL32(?), ref: 00F63F6D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7A684
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7A699
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7A69C
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7A6AB
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7A70D
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7A71C
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7A71F
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7A72E
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7A782
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7A795
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7A798
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7A7A7
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7A7F1
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7A800
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7A81C
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7A82B
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7A849
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7A858
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$_strncmp
                                                                                                      • String ID: group$mode$tag
                                                                                                      • API String ID: 2147874634-970695921
                                                                                                      • Opcode ID: 754a76d20f87061c2f650856fef6c82f0ce7216aae4f219134af8c5505d921b3
                                                                                                      • Instruction ID: d5ddab95c14a27393c60c5fe3170d86163035af88d80716f2edf4b9bf501dfc3
                                                                                                      • Opcode Fuzzy Hash: 754a76d20f87061c2f650856fef6c82f0ce7216aae4f219134af8c5505d921b3
                                                                                                      • Instruction Fuzzy Hash: 505184B28047115BD6259B10DC85B6F73A8EFC1700F05892EF998D7145DB3CEE06AB97
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F7E8C0: _memset.LIBCMT ref: 00F7E94C
                                                                                                        • Part of subcall function 00F7E8C0: __snprintf.LIBCMT ref: 00F7E969
                                                                                                        • Part of subcall function 00F7E8C0: InterlockedDecrement.KERNEL32(00000000), ref: 00F7E9AC
                                                                                                        • Part of subcall function 00F7E8C0: InterlockedIncrement.KERNEL32(00000000), ref: 00F7E9BF
                                                                                                        • Part of subcall function 00F7E6A0: InterlockedIncrement.KERNEL32(?), ref: 00F7E70C
                                                                                                        • Part of subcall function 00F7E6A0: InterlockedDecrement.KERNEL32(?), ref: 00F7E71F
                                                                                                        • Part of subcall function 00F7E6A0: InterlockedIncrement.KERNEL32(?), ref: 00F7E72F
                                                                                                        • Part of subcall function 00F7E6A0: InterlockedDecrement.KERNEL32(?), ref: 00F7E742
                                                                                                        • Part of subcall function 00F7E6A0: _memset.LIBCMT ref: 00F7E760
                                                                                                        • Part of subcall function 00F7E6A0: __snprintf.LIBCMT ref: 00F7E781
                                                                                                        • Part of subcall function 00F7E6A0: InterlockedDecrement.KERNEL32(00000000), ref: 00F7E7C7
                                                                                                        • Part of subcall function 00F7E6A0: InterlockedIncrement.KERNEL32(00000000), ref: 00F7E7DA
                                                                                                      • InterlockedDecrement.KERNEL32(00000001), ref: 00F66224
                                                                                                      • InterlockedIncrement.KERNEL32(00000001), ref: 00F66237
                                                                                                      • InterlockedDecrement.KERNEL32(00000001), ref: 00F66281
                                                                                                      • InterlockedIncrement.KERNEL32(00000001), ref: 00F66294
                                                                                                      • _memset.LIBCMT ref: 00F662AC
                                                                                                      • CreatePropertySheetPageA.COMCTL32(?,?,?), ref: 00F662C5
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$_memset$__snprintf$CreatePagePropertySheet
                                                                                                      • String ID: Hue$LIFX$Preferences$YeeLight$Z$canpreventsleep$door,porch$huebackoff$huedawndusk$huedawndusknames$huepoll$lightwarm$pollURL$pollURLrate
                                                                                                      • API String ID: 3396965368-27055765
                                                                                                      • Opcode ID: 3b6a6da0f4f6d7b107219f1c6f2f51446ec3392e0ea822c45b616989672d2e8a
                                                                                                      • Instruction ID: d586f69c90aa1eda8eb7aa4de795787079c9b59b62c74723365fe1aa6271e74e
                                                                                                      • Opcode Fuzzy Hash: 3b6a6da0f4f6d7b107219f1c6f2f51446ec3392e0ea822c45b616989672d2e8a
                                                                                                      • Instruction Fuzzy Hash: 0DA17EB1504B56AFD310DF25CC80A9BB7E8BF88304F404A5EF59987241D7B8A61D8FE2
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F7E810: InterlockedIncrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E879
                                                                                                        • Part of subcall function 00F7E810: InterlockedDecrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E888
                                                                                                        • Part of subcall function 00F7E810: InterlockedIncrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E899
                                                                                                        • Part of subcall function 00F7E810: InterlockedDecrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E8A8
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FA89F9
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FA8A0E
                                                                                                        • Part of subcall function 00FB5560: InterlockedDecrement.KERNEL32(00000000), ref: 00FB55BC
                                                                                                        • Part of subcall function 00FB5560: InterlockedIncrement.KERNEL32(00000000), ref: 00FB55CF
                                                                                                        • Part of subcall function 00FB5560: RegCreateKeyExA.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,?,00000000,00000000,00F6251A), ref: 00FB55F6
                                                                                                        • Part of subcall function 00FBF460: EnterCriticalSection.KERNEL32(010BF268,?,00000000,?,00F9C1BC,?,?,?,00000000,?,00F9C53F,?,?,00000000,?,00000001), ref: 00FBF476
                                                                                                        • Part of subcall function 00FBF460: _malloc.LIBCMT ref: 00FBF4CB
                                                                                                        • Part of subcall function 00FBF460: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF4E3
                                                                                                      • InterlockedIncrement.KERNEL32(0102B498), ref: 00FA8A3F
                                                                                                      • InterlockedDecrement.KERNEL32(0102B498), ref: 00FA8A4E
                                                                                                      • InterlockedDecrement.KERNEL32(0102B498), ref: 00FA8A51
                                                                                                      • InterlockedIncrement.KERNEL32(0102B498), ref: 00FA8A60
                                                                                                      • InterlockedIncrement.KERNEL32(0102B498), ref: 00FA8A7F
                                                                                                      • InterlockedDecrement.KERNEL32(0102B498), ref: 00FA8A8E
                                                                                                      • InterlockedDecrement.KERNEL32(0102B498), ref: 00FA8A91
                                                                                                      • InterlockedIncrement.KERNEL32(0102B498), ref: 00FA8AA0
                                                                                                      • _memset.LIBCMT ref: 00FA8B1E
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,00000000,?,80000002,SOFTWARE\Microsoft\Cryptography\,00000101,MachineGuid,00000000,?,0102B498,00000000,?), ref: 00FA8B59
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FA8B9C
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FA8BAB
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FA8BCB
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FA8BDE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FA8C04
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FA8C17
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalSection$Enter$CreateLeaveQueryValue_malloc_memset
                                                                                                      • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography\
                                                                                                      • API String ID: 3873666891-1536818239
                                                                                                      • Opcode ID: 900103bcaaae569127768d77fc98874361c600e95edcaa3896bae679f4c1e1b7
                                                                                                      • Instruction ID: 140e9fd8f46a6f5152676f5f3f2a96df4b689895e7e502a5e2efac0cbe844cab
                                                                                                      • Opcode Fuzzy Hash: 900103bcaaae569127768d77fc98874361c600e95edcaa3896bae679f4c1e1b7
                                                                                                      • Instruction Fuzzy Hash: CD71C5B25047155FC721EF50CC85AAFB798EF86790F44483AF881D7101DB7DDA0A9BA2
                                                                                                      APIs
                                                                                                      • GetWindowLongA.USER32(?,000000EC), ref: 00FCA6CC
                                                                                                      • GetWindowLongA.USER32(?,000000EC), ref: 00FCA6DF
                                                                                                      • SetWindowLongA.USER32(?,000000EC,00000000), ref: 00FCA6EA
                                                                                                      • GetWindowLongA.USER32(?,000000EB), ref: 00FCA6FB
                                                                                                      • OleUninitialize.OLE32 ref: 00FCA70D
                                                                                                      • OleInitialize.OLE32(00000000), ref: 00FCA71A
                                                                                                      • GetWindowTextLengthA.USER32(?), ref: 00FCA724
                                                                                                      • GetWindowTextA.USER32(?,00000000,00000001), ref: 00FCA770
                                                                                                      • SetWindowTextA.USER32(?,0102B498), ref: 00FCA77C
                                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00FCA7A3
                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00FCA7B0
                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00FCA7CB
                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00FCA7D8
                                                                                                      • SysFreeString.OLEAUT32(?), ref: 00FCA7FA
                                                                                                      • DefWindowProcA.USER32(?,?,?,?,?,00000002,00000000), ref: 00FCA972
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$GlobalLong$Text$AllocCreateFreeInitializeLengthLockProcStreamStringUninitializeUnlock
                                                                                                      • String ID:
                                                                                                      • API String ID: 2199760997-0
                                                                                                      • Opcode ID: 645fb8da8f3bbfb356002ff6e658e23c0c91c68e3d58635c863a0a642b72877d
                                                                                                      • Instruction ID: b7605e225604f323f4312d5c56e6778a7dc2a337bce7e5aaea3128d13347231a
                                                                                                      • Opcode Fuzzy Hash: 645fb8da8f3bbfb356002ff6e658e23c0c91c68e3d58635c863a0a642b72877d
                                                                                                      • Instruction Fuzzy Hash: 8491A375E0010AABCB11DF64DD86FAE7779FF84314B148109F505A7294DB38AD42EBA2
                                                                                                      APIs
                                                                                                      • lstrlenA.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00FC4FF5), ref: 00FC4D23
                                                                                                      • CoTaskMemAlloc.OLE32(00000000,?,00000000,?,?,00000000), ref: 00FC4D4D
                                                                                                      • CharNextA.USER32(?,?,00000000,?,?,?,?,?,?,?,?,?,?,00FC4FF5,?,00000000), ref: 00FC4DBA
                                                                                                      • CharNextA.USER32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00FC4FF5), ref: 00FC4DC0
                                                                                                      • CharNextA.USER32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00FC4FF5), ref: 00FC4DC6
                                                                                                      • CharNextA.USER32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00FC4FF5), ref: 00FC4DCC
                                                                                                      • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000), ref: 00FC4E07
                                                                                                      • CharNextA.USER32 ref: 00FC4E9C
                                                                                                      • CharNextA.USER32(00000000), ref: 00FC4EA9
                                                                                                      • CharNextA.USER32(?,?,?,?,?,?,?,?,00000000), ref: 00FC4EC5
                                                                                                      • CoTaskMemFree.OLE32(?,?,00000000,?,?,00000000), ref: 00FC4EE8
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CharNext$Task$Free$Alloclstrlen
                                                                                                      • String ID: }}$HKCR$HKCU{Software{Classes
                                                                                                      • API String ID: 1502516646-1142484189
                                                                                                      • Opcode ID: fac7c4bbc12b73873190f69ab6f23f5454586412cb1559f88638cc7afaf5e990
                                                                                                      • Instruction ID: 3606cba5ff2caca51445fc81dbc38ed66e4ad28d42e69395666722246b5ed10f
                                                                                                      • Opcode Fuzzy Hash: fac7c4bbc12b73873190f69ab6f23f5454586412cb1559f88638cc7afaf5e990
                                                                                                      • Instruction Fuzzy Hash: FC81D1719083429FD710DF248E92BAEBBE4BF98360F05492DF589C7241D738EA44D792
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FBD348
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FBD357
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FBD389
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FBD39C
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FBD3D1
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FBD3E0
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FBD412
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FBD425
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FBD43A
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FBD449
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FBD47B
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FBD48E
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FBD4A3
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FBD4B2
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FBD4E4
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FBD4F7
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FBD50C
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FBD51B
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FBD54D
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FBD560
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                        • Part of subcall function 00FBF5A0: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF616
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalSection$EnterLeave
                                                                                                      • String ID:
                                                                                                      • API String ID: 3331576342-0
                                                                                                      • Opcode ID: 329285ddb91f168338ad723a5a31c4238d5fd7aa9c43aee97e3dc682e842c15e
                                                                                                      • Instruction ID: d6946d20e00e3606877db1e4833062868cff1c5304e6b235a1effe5afc2cc96e
                                                                                                      • Opcode Fuzzy Hash: 329285ddb91f168338ad723a5a31c4238d5fd7aa9c43aee97e3dc682e842c15e
                                                                                                      • Instruction Fuzzy Hash: 4B81E472901A16DBE7298F25C984BDAB764FF05310F084371DC18AB206DF38BA549FE6
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F8F0A3
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F8F0B2
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8F142
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8F151
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8F18A
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8F199
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2232639240.00000000010BF000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2232639240.00000000010C5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2232639240.00000000010C7000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2232693230.00000000010CA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: location$model$name
                                                                                                      • API String ID: 2172605799-2573031255
                                                                                                      • Opcode ID: 0ef0c71b1a1054f57e8ccab4463f10be93d724c23ee0a5da3b0b8afff27aa4af
                                                                                                      • Instruction ID: 90d892d0c3b1feeeaa91d9a33e9e7049b370e2f9dc8ad93810192c2285259c85
                                                                                                      • Opcode Fuzzy Hash: 0ef0c71b1a1054f57e8ccab4463f10be93d724c23ee0a5da3b0b8afff27aa4af
                                                                                                      • Instruction Fuzzy Hash: 8691A4729046129FDB21FF24CC85BEB77A8AF91710F184839F845E7141DA38DE4DA7A1
                                                                                                      APIs
                                                                                                      • GetAsyncKeyState.USER32(00000011), ref: 00F953AB
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F95479
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F95488
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F95506
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F95519
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F9551C
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F95593
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F955A2
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F955F3
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F95602
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F9552B
                                                                                                        • Part of subcall function 00F7E8C0: _memset.LIBCMT ref: 00F7E94C
                                                                                                        • Part of subcall function 00F7E8C0: __snprintf.LIBCMT ref: 00F7E969
                                                                                                        • Part of subcall function 00F7E8C0: InterlockedDecrement.KERNEL32(00000000), ref: 00F7E9AC
                                                                                                        • Part of subcall function 00F7E8C0: InterlockedIncrement.KERNEL32(00000000), ref: 00F7E9BF
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$AsyncState__snprintf_memset
                                                                                                      • String ID: Preferences$http://%s/$https://discovery.meethue.com/$internalipaddress$meethue$upnphue
                                                                                                      • API String ID: 1494830714-2815800763
                                                                                                      • Opcode ID: b703f13ba1f0c4aa5bbb57de6ac819cfdcc36a742695d946f90d4d3d4da6e4c6
                                                                                                      • Instruction ID: 7008b4301fa6614d6af11b4c36be0c2aded076920978de3631c7ae5a54498e71
                                                                                                      • Opcode Fuzzy Hash: b703f13ba1f0c4aa5bbb57de6ac819cfdcc36a742695d946f90d4d3d4da6e4c6
                                                                                                      • Instruction Fuzzy Hash: 4481F3719087018BEB22DF24CC41BAFB7E4AF85B58F44091DF98597152DB38DA48AB93
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F96990: InterlockedIncrement.KERNEL32(?), ref: 00F969B8
                                                                                                        • Part of subcall function 00F96990: InterlockedDecrement.KERNEL32(?), ref: 00F969C7
                                                                                                        • Part of subcall function 00F96990: InterlockedIncrement.KERNEL32(?), ref: 00F969ED
                                                                                                        • Part of subcall function 00F96990: InterlockedDecrement.KERNEL32(?), ref: 00F969FC
                                                                                                        • Part of subcall function 00F96990: InterlockedDecrement.KERNEL32(?), ref: 00F96A1C
                                                                                                        • Part of subcall function 00F96990: InterlockedIncrement.KERNEL32(?), ref: 00F96A2B
                                                                                                        • Part of subcall function 00F96990: InterlockedDecrement.KERNEL32(?), ref: 00F96A3D
                                                                                                        • Part of subcall function 00F96990: InterlockedIncrement.KERNEL32(?), ref: 00F96A4C
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F96AE1
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96AF4
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96B1A
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F96B29
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96B47
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F96B56
                                                                                                      • __wsplitpath.LIBCMT ref: 00F96BB8
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F96C2E
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96C3D
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96C40
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F96C4F
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96C7C
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F96C8B
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96CAD
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F96CBC
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalEnterSection__wsplitpath
                                                                                                      • String ID: /config$bridgeid
                                                                                                      • API String ID: 3415629114-3034341967
                                                                                                      • Opcode ID: 9e59a3382fb637400c32c22b2cf35a8cdf1dfbbc1d149bd57b02d507d82175b8
                                                                                                      • Instruction ID: cda1a116f2b3bae66833f707fdcef0b8f3cd5caae64c96932db7fbc412a2e9e5
                                                                                                      • Opcode Fuzzy Hash: 9e59a3382fb637400c32c22b2cf35a8cdf1dfbbc1d149bd57b02d507d82175b8
                                                                                                      • Instruction Fuzzy Hash: F85163725087519BDB31EF54CC81BAF77A8EF84310F44492EF5C5D3141DA3DAA08ABA6
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F7E810: InterlockedIncrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E879
                                                                                                        • Part of subcall function 00F7E810: InterlockedDecrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E888
                                                                                                        • Part of subcall function 00F7E810: InterlockedIncrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E899
                                                                                                        • Part of subcall function 00F7E810: InterlockedDecrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E8A8
                                                                                                      • InterlockedDecrement.KERNEL32(00000001), ref: 00F9112C
                                                                                                      • InterlockedIncrement.KERNEL32(00000001), ref: 00F9113B
                                                                                                      • InterlockedIncrement.KERNEL32(00000001), ref: 00F91168
                                                                                                      • InterlockedDecrement.KERNEL32(00000001), ref: 00F91177
                                                                                                      • InterlockedDecrement.KERNEL32(00000001), ref: 00F9118E
                                                                                                      • InterlockedIncrement.KERNEL32(00000001), ref: 00F9119D
                                                                                                      • InterlockedDecrement.KERNEL32(00000001), ref: 00F911AB
                                                                                                      • InterlockedIncrement.KERNEL32(00000001), ref: 00F911BA
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F911FD
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F9120C
                                                                                                      • InterlockedIncrement.KERNEL32(00000001), ref: 00F91241
                                                                                                      • InterlockedDecrement.KERNEL32(00000001), ref: 00F91250
                                                                                                      • InterlockedDecrement.KERNEL32(00000001), ref: 00F91253
                                                                                                      • InterlockedIncrement.KERNEL32(00000001), ref: 00F91262
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2232639240.00000000010C7000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2232693230.00000000010CA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: Software\Michael Herf\fluxupdate$cookie
                                                                                                      • API String ID: 2172605799-3235217447
                                                                                                      • Opcode ID: ab59e06c6a0797ad88907d219ab38e594cd524810d390e8525ba92bc1a43ea8d
                                                                                                      • Instruction ID: c369233a285ca1bf0eb91c3548ec87c68363fcdf406c0f8976f3d786e374b0f2
                                                                                                      • Opcode Fuzzy Hash: ab59e06c6a0797ad88907d219ab38e594cd524810d390e8525ba92bc1a43ea8d
                                                                                                      • Instruction Fuzzy Hash: 1241C2325556176BFB31EB20DC817AE7398FF81750F540439E980E3141DB2CEA4AA7A6
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(USER32,?,00FBA420,?,00FB6CAE,?,?,?,?,?,?,00F7C011), ref: 00FB6B19
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 00FB6B35
                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00FB6B46
                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 00FB6B57
                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 00FB6B68
                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 00FB6B79
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00FB6B8A
                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 00FB6B9B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                      • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                      • API String ID: 667068680-68207542
                                                                                                      • Opcode ID: 78f16099a987ad4ece338e69b9dadf8b36bff43d4761da7b2d730a2d5fa498b5
                                                                                                      • Instruction ID: bc6a45bff803acc40a3d73d4bf94628c9ba81745d15782716593e9f7ee2e1eaf
                                                                                                      • Opcode Fuzzy Hash: 78f16099a987ad4ece338e69b9dadf8b36bff43d4761da7b2d730a2d5fa498b5
                                                                                                      • Instruction Fuzzy Hash: A82150769022159FC735AF6BACC5889B6E9BBD9310325887FF990D7108D3BE05849F50
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F7E8C0: _memset.LIBCMT ref: 00F7E94C
                                                                                                        • Part of subcall function 00F7E8C0: __snprintf.LIBCMT ref: 00F7E969
                                                                                                        • Part of subcall function 00F7E8C0: InterlockedDecrement.KERNEL32(00000000), ref: 00F7E9AC
                                                                                                        • Part of subcall function 00F7E8C0: InterlockedIncrement.KERNEL32(00000000), ref: 00F7E9BF
                                                                                                        • Part of subcall function 00FA8D90: _memset.LIBCMT ref: 00FA8DCF
                                                                                                        • Part of subcall function 00FA8D90: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000000,00000090,?), ref: 00FA8DE5
                                                                                                        • Part of subcall function 00FA8D90: VerSetConditionMask.KERNEL32(00000000,?,00000001,00000003,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00FA8DED
                                                                                                        • Part of subcall function 00FA8D90: VerifyVersionInfoA.KERNEL32(?,00000003,00000000), ref: 00FA8DF8
                                                                                                      • _memset.LIBCMT ref: 00F66B10
                                                                                                      • CreatePropertySheetPageA.COMCTL32(?,?,?,?), ref: 00F66B29
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _memset$ConditionInterlockedMask$CreateDecrementIncrementInfoPagePropertySheetVerifyVersion__snprintf
                                                                                                      • String ID: DisableUpdate$Preferences$SlowFade$SoftwareMouse$SurfaceKeys$UseDisplayChroma$UseGPU$UseInternal$WideSlider$alarm$autorun$hotkeys$veryfast
                                                                                                      • API String ID: 1129850736-2012632568
                                                                                                      • Opcode ID: f6f62654c7a2f832abbaa17871086e127f0494580a0580d820feaca0fd676662
                                                                                                      • Instruction ID: e3bc474c4cbddd2803cec83e3569a940eb275014e5fcf38b16b98fe0e0681011
                                                                                                      • Opcode Fuzzy Hash: f6f62654c7a2f832abbaa17871086e127f0494580a0580d820feaca0fd676662
                                                                                                      • Instruction Fuzzy Hash: DDA1FCB15447459FC311DF29C890ADBBBE8BB99704F448D5FE1EA87202DB74A20DCB62
                                                                                                      APIs
                                                                                                      • EnterCriticalSection.KERNEL32(010C120C,00000000,?), ref: 00FCAA92
                                                                                                      • RegisterWindowMessageA.USER32(WM_ATLGETHOST), ref: 00FCAAA3
                                                                                                      • RegisterWindowMessageA.USER32(WM_ATLGETCONTROL), ref: 00FCAAAF
                                                                                                      • GetClassInfoExA.USER32(00F60000,AtlAxWin90,?), ref: 00FCAAD0
                                                                                                      • LoadCursorA.USER32 ref: 00FCAB12
                                                                                                      • RegisterClassExA.USER32 ref: 00FCAB35
                                                                                                        • Part of subcall function 00FCAFE0: __recalloc.LIBCMT ref: 00FCB023
                                                                                                      • _memset.LIBCMT ref: 00FCAB61
                                                                                                      • GetClassInfoExA.USER32(00F60000,AtlAxWinLic90,?), ref: 00FCAB7E
                                                                                                      • LoadCursorA.USER32 ref: 00FCABBA
                                                                                                      • RegisterClassExA.USER32 ref: 00FCABDD
                                                                                                      • LeaveCriticalSection.KERNEL32(010C120C), ref: 00FCAC0C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ClassRegister$CriticalCursorInfoLoadMessageSectionWindow$EnterLeave__recalloc_memset
                                                                                                      • String ID: AtlAxWin90$AtlAxWinLic90$WM_ATLGETCONTROL$WM_ATLGETHOST
                                                                                                      • API String ID: 2252124385-2573294316
                                                                                                      • Opcode ID: 40ee91576bc23df718271f7e0be4772ef0540b03d6cfaff11a09608249ebac8d
                                                                                                      • Instruction ID: da2a26f388a6f2c49c745e28a4734ae134887917e7ad8c635defbc32902c6def
                                                                                                      • Opcode Fuzzy Hash: 40ee91576bc23df718271f7e0be4772ef0540b03d6cfaff11a09608249ebac8d
                                                                                                      • Instruction Fuzzy Hash: 6B4157B18083049FC310DF16D985A5BBBE8FFC9B18F404A1EF4C993210D77999048F96
                                                                                                      APIs
                                                                                                      • GetWindowLongA.USER32(?,000000EC), ref: 00FCA3EC
                                                                                                      • GetWindowLongA.USER32(?,000000EC), ref: 00FCA3FF
                                                                                                      • SetWindowLongA.USER32(?,000000EC,00000000), ref: 00FCA40A
                                                                                                      • GetWindowLongA.USER32(?,000000EB), ref: 00FCA41B
                                                                                                      • OleUninitialize.OLE32 ref: 00FCA42D
                                                                                                      • OleInitialize.OLE32(00000000), ref: 00FCA43A
                                                                                                      • GetWindowTextLengthA.USER32(?), ref: 00FCA444
                                                                                                      • GetWindowTextA.USER32(?,00000000,00000001), ref: 00FCA493
                                                                                                      • SetWindowTextA.USER32(?,0102B498), ref: 00FCA49F
                                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00FCA4C6
                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00FCA4D3
                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00FCA4EE
                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00FCA4FB
                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 00FCA50D
                                                                                                      • DefWindowProcA.USER32(?,?,?,?,?,00000002,00000000), ref: 00FCA655
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$GlobalLong$Text$AllocCreateInitializeLengthLockProcStreamUninitializeUnlocklstrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 2367841626-0
                                                                                                      • Opcode ID: 0e848bc52e6dbb84a29c2c7844a47c0a1371dc18c4dffeb7a68eb0a3d7a12dfc
                                                                                                      • Instruction ID: dcdbf7498dc0b5df264ed6754c22c8cef153ba96c58181f92e5737b936d28be4
                                                                                                      • Opcode Fuzzy Hash: 0e848bc52e6dbb84a29c2c7844a47c0a1371dc18c4dffeb7a68eb0a3d7a12dfc
                                                                                                      • Instruction Fuzzy Hash: 73919F75A0010A9BDB10DF64DD86FAF7778AF84318B18851DF911A7294DB38ED01E7A2
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FA7280: InterlockedDecrement.KERNEL32(00000000), ref: 00FA72E6
                                                                                                        • Part of subcall function 00FA7280: InterlockedIncrement.KERNEL32(00000000), ref: 00FA72F5
                                                                                                        • Part of subcall function 00FA7280: InterlockedIncrement.KERNEL32(00000000), ref: 00FA7318
                                                                                                        • Part of subcall function 00FA7280: InterlockedDecrement.KERNEL32(00000000), ref: 00FA7327
                                                                                                        • Part of subcall function 00FA7280: InterlockedDecrement.KERNEL32(00000000), ref: 00FA732A
                                                                                                        • Part of subcall function 00FA7280: InterlockedIncrement.KERNEL32(00000000), ref: 00FA7339
                                                                                                        • Part of subcall function 00FA7280: InterlockedDecrement.KERNEL32(00000000), ref: 00FA7371
                                                                                                        • Part of subcall function 00FA7280: InterlockedIncrement.KERNEL32(00000000), ref: 00FA7380
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00F7D414
                                                                                                      • AdjustWindowRect.USER32(?,00CF0000,00000000), ref: 00F7D4A4
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00F7D4E7
                                                                                                        • Part of subcall function 00FBF460: EnterCriticalSection.KERNEL32(010BF268,?,00000000,?,00F9C1BC,?,?,?,00000000,?,00F9C53F,?,?,00000000,?,00000001), ref: 00FBF476
                                                                                                        • Part of subcall function 00FBF460: _malloc.LIBCMT ref: 00FBF4CB
                                                                                                        • Part of subcall function 00FBF460: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF4E3
                                                                                                      • _memset.LIBCMT ref: 00F7D501
                                                                                                        • Part of subcall function 00FA44F0: InterlockedDecrement.KERNEL32(00000000), ref: 00FA45AB
                                                                                                        • Part of subcall function 00FA44F0: InterlockedIncrement.KERNEL32(00000000), ref: 00FA45BE
                                                                                                      • LoadImageA.USER32 ref: 00F7D5D8
                                                                                                      • LoadIconA.USER32(00000000,00000065), ref: 00F7D5FD
                                                                                                      • SetClassLongA.USER32(?,000000F2,00000000), ref: 00F7D60A
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7D63C
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7D64F
                                                                                                      • timeBeginPeriod.WINMM(00000014,?,?,Preferences,?,?,?,f.lux,00000005), ref: 00F7D6EA
                                                                                                      • SystemParametersInfoA.USER32(0000005D,00000000,00000000,00000000), ref: 00F7D80B
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$Increment$Decrement$CriticalSection$EnterLoad$AdjustBeginClassIconImageInfoLeaveLongParametersPeriodRectSystemWindow_malloc_memsettime
                                                                                                      • String ID: Preferences$f.lux$hasv4
                                                                                                      • API String ID: 98452683-1716721375
                                                                                                      • Opcode ID: 2f89ff053957345e272b810addc0810dd2216681a6bba0a6d6c80ea809dbccbb
                                                                                                      • Instruction ID: 87c6cac5218d0a0219f92ac034ebd8fd1f5183f8b195188fbd3440c0165964a8
                                                                                                      • Opcode Fuzzy Hash: 2f89ff053957345e272b810addc0810dd2216681a6bba0a6d6c80ea809dbccbb
                                                                                                      • Instruction Fuzzy Hash: A2C1C4719087809AD331EF68CC85B9FB7F5AFC9310F548A1EF58886282DBB99444DB53
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FFD8A0: __atof_l.LIBCMT ref: 00FFD8AA
                                                                                                        • Part of subcall function 00F63F90: _strncmp.LIBCMT ref: 00F63FCA
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F68EC5
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F68ED8
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement__atof_l_strncmp
                                                                                                      • String ID: chronotype$dayCCT$daybri$dimlight$earlybri$info$lateCCT$latebri$nightCCT$nightbri$sRGB$wtime
                                                                                                      • API String ID: 3771804111-333930569
                                                                                                      • Opcode ID: 6e274b55a0e339f7872749da403e6ffcbed000ec268c76e13e0adf301d52d3f9
                                                                                                      • Instruction ID: c1c47b0d8c217fbe381070f49e55923d8adfc04603c9a6ff9e9531542ddba529
                                                                                                      • Opcode Fuzzy Hash: 6e274b55a0e339f7872749da403e6ffcbed000ec268c76e13e0adf301d52d3f9
                                                                                                      • Instruction Fuzzy Hash: F3A12332A083449FCB15EF35C8416AEB7A8BF95340F004B2DF58677182DB78E946DB92
                                                                                                      APIs
                                                                                                      • GetStockObject.GDI32(00000011), ref: 00FC8E44
                                                                                                      • GetStockObject.GDI32(0000000D), ref: 00FC8E4C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ObjectStock
                                                                                                      • String ID:
                                                                                                      • API String ID: 3428563643-3916222277
                                                                                                      • Opcode ID: 2e2e216ec94b9d8d8bbd6012fd186e604a3a6051fd367a4c2ce8edf63b00545b
                                                                                                      • Instruction ID: fbefc2f96769fddac798b7f0103e5bf8c5adfb806133bf3039c3fa7457c480e4
                                                                                                      • Opcode Fuzzy Hash: 2e2e216ec94b9d8d8bbd6012fd186e604a3a6051fd367a4c2ce8edf63b00545b
                                                                                                      • Instruction Fuzzy Hash: D0517F71E0021A9BDB10DBE5CD46B9EBBB5EF48350F14411DE905EB244EB38AD02DB90
                                                                                                      APIs
                                                                                                      • GetDlgItem.USER32 ref: 00F66C33
                                                                                                      • SendMessageA.USER32(00000000,00000143,00000000,Slow: Natural Timing), ref: 00F66C4E
                                                                                                      • SendMessageA.USER32(00000000,00000143,00000000,Medium: Adapt your eyes), ref: 00F66C5D
                                                                                                      • SendMessageA.USER32(00000000,00000143,00000000,Very Fast: Gaming), ref: 00F66C6C
                                                                                                      • SendMessageA.USER32(00000000,0000014E,00000000,00000000), ref: 00F66CE7
                                                                                                      • GetDlgItem.USER32(?,000003FE), ref: 00F66D03
                                                                                                      • ShowWindow.USER32(00000000), ref: 00F66D0A
                                                                                                      • GetDlgItem.USER32(?,00000414), ref: 00F66D9D
                                                                                                      • ShowWindow.USER32(00000000), ref: 00F66DA4
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$Item$ShowWindow
                                                                                                      • String ID: Medium: Adapt your eyes$Preferences$Slow: Natural Timing$Very Fast: Gaming$fix1803
                                                                                                      • API String ID: 1499777575-2334936031
                                                                                                      • Opcode ID: 0d34f88e73f7b0f724b08e3d9602951fa50f8b40bd2c1cbaa75e112f5d9869cd
                                                                                                      • Instruction ID: de2652a95c0c0bb8489b6973a2b255a34312461191648f68788163d35a9c948b
                                                                                                      • Opcode Fuzzy Hash: 0d34f88e73f7b0f724b08e3d9602951fa50f8b40bd2c1cbaa75e112f5d9869cd
                                                                                                      • Instruction Fuzzy Hash: 6E41C370A04741ABE310DF29CC85B5BBBE8AF85314F04451EF584D72D2D7B8EA44DBA2
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F62640: InterlockedIncrement.KERNEL32(?), ref: 00F6265D
                                                                                                        • Part of subcall function 00F62640: InterlockedDecrement.KERNEL32(?), ref: 00F62672
                                                                                                        • Part of subcall function 00F62640: InterlockedDecrement.KERNEL32(?), ref: 00F62678
                                                                                                        • Part of subcall function 00F62640: InterlockedIncrement.KERNEL32(?), ref: 00F62687
                                                                                                        • Part of subcall function 00F62640: InterlockedDecrement.KERNEL32(?), ref: 00F6269D
                                                                                                        • Part of subcall function 00F62640: InterlockedIncrement.KERNEL32(?), ref: 00F626AC
                                                                                                      • GetDlgItem.USER32(?,000003FB), ref: 00F663C1
                                                                                                      • SetWindowTextA.USER32(00000000), ref: 00F663CE
                                                                                                      • GetDlgItem.USER32(?,000003FF), ref: 00F663E2
                                                                                                      • SetWindowTextA.USER32(00000000), ref: 00F663E9
                                                                                                      • GetDlgItem.USER32(?,0000040B), ref: 00F663F1
                                                                                                      • SendMessageA.USER32(00000000,00000143,00000000,Quite a bit warmer (default)), ref: 00F66406
                                                                                                      • SendMessageA.USER32(00000000,00000143,00000000,Slightly warmer), ref: 00F66419
                                                                                                      • SendMessageA.USER32(00000000,00000143,00000000,Match screen exactly), ref: 00F6642C
                                                                                                      • SendMessageA.USER32(00000000,0000014E,00000002,00000000), ref: 00F664B8
                                                                                                      • GetDlgItem.USER32(?,000003FF), ref: 00F664E9
                                                                                                      • EnableWindow.USER32(00000000), ref: 00F664F0
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$ItemMessageSend$DecrementIncrementWindow$Text$Enable
                                                                                                      • String ID: Match screen exactly$Quite a bit warmer (default)$Slightly warmer
                                                                                                      • API String ID: 2806518722-1688256907
                                                                                                      • Opcode ID: d5d7dd4d73acc8ef9fb2307957d759606a360df314a90cd7014c680fafe034a1
                                                                                                      • Instruction ID: 4922da9b2c7088a4db661e0cbea1c4f074a6952a51d0e9702efba616e3ac5d11
                                                                                                      • Opcode Fuzzy Hash: d5d7dd4d73acc8ef9fb2307957d759606a360df314a90cd7014c680fafe034a1
                                                                                                      • Instruction Fuzzy Hash: E241D2716407006FE3209B34DC8AFAB77ACAF45710F00841EFA96C6192DF7DEA009BA5
                                                                                                      APIs
                                                                                                      • KillTimer.USER32(?,?), ref: 00F6B089
                                                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 00F6B100
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6B19F
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6B1AE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6B1D6
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6B1E5
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6B20D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6B21C
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6B244
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6B253
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6B2BA
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6B2C9
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6B3C0
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6B3D3
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6B3FB
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6B40E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalSection$DeleteEnterKillTimer
                                                                                                      • String ID:
                                                                                                      • API String ID: 2679002240-0
                                                                                                      • Opcode ID: b885cfa7cd243040eef4980e87c207d0be0959c0c78c7f1dabc0f7ff709295fd
                                                                                                      • Instruction ID: 8de3a62b515d074fb200dfe1ec25d744d630233092ad3b5cafb60f55dc3bae5d
                                                                                                      • Opcode Fuzzy Hash: b885cfa7cd243040eef4980e87c207d0be0959c0c78c7f1dabc0f7ff709295fd
                                                                                                      • Instruction Fuzzy Hash: ECC18F728102548FCB21AF54DCD5BEA3365AF45310F5945B9EC08EF20BCF39A985AFA1
                                                                                                      APIs
                                                                                                      • _memset.LIBCMT ref: 00FD92E8
                                                                                                      • GetProcAddress.KERNEL32(?,CryptQueryObject), ref: 00FD9303
                                                                                                      • GetLastError.KERNEL32 ref: 00FD9337
                                                                                                      • GetProcAddress.KERNEL32(?,CryptMsgGetParam), ref: 00FD9350
                                                                                                      • GetLastError.KERNEL32 ref: 00FD9395
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressErrorLastProc$_memset
                                                                                                      • String ID: CertFindCertificateInStore$CertGetNameStringW$CryptMsgGetParam$CryptQueryObject
                                                                                                      • API String ID: 2935100696-2659062924
                                                                                                      • Opcode ID: 208e60c0ba090e1191c73d9ad0019a60b7f8375565d36e290d7c30651d28e955
                                                                                                      • Instruction ID: 1225bd60f21af49bb29ee35a8ba8828350c8e946dd592fbee3a1b7965f73ae38
                                                                                                      • Opcode Fuzzy Hash: 208e60c0ba090e1191c73d9ad0019a60b7f8375565d36e290d7c30651d28e955
                                                                                                      • Instruction Fuzzy Hash: 1051D172604305AFC220EFA5DC41E6BB7ADEBC9764F00491EF58493241D776E90A8B72
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96D72
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F96D85
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96DBD
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F96DD0
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F96E26
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96E39
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96E78
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F96E87
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96E9D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F96EAC
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96EC4
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F96ED3
                                                                                                      Strings
                                                                                                      • Software\f.lux Software LLC\hue, xrefs: 00F96D56
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: Software\f.lux Software LLC\hue
                                                                                                      • API String ID: 2172605799-107481494
                                                                                                      • Opcode ID: 3e1ee0b2bdea5499c6dea46e690f310ed6d060eab26ef9a1ad3d9d5915a0feb9
                                                                                                      • Instruction ID: 08524a0b6582415416b800265d88eb6479e606b5dc0208d470b23c3b5cab5c0d
                                                                                                      • Opcode Fuzzy Hash: 3e1ee0b2bdea5499c6dea46e690f310ed6d060eab26ef9a1ad3d9d5915a0feb9
                                                                                                      • Instruction Fuzzy Hash: 725190326043059BEB61FF64CD84BAB73A8EF84310F44482AFC55D7156DB3CEA05ABA5
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00F80AAD
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F80BA2
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F80BB5
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00F80D64
                                                                                                        • Part of subcall function 00F807E0: InterlockedIncrement.KERNEL32(010C7098), ref: 00F807EA
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F80E74
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F80E87
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F80F3A
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F80F4D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$Increment$Decrement
                                                                                                      • String ID: Copyright 2008- f.lux Software LLC$f.lux$flux/#fluxicon$version %d.%d
                                                                                                      • API String ID: 4289621856-1394249262
                                                                                                      • Opcode ID: 9fce9c1d601c316445ffeb422e62961f8ac448c248df13ce7fb3e9714150ef33
                                                                                                      • Instruction ID: e965dc65478087fdf4935737dd824dbe08ef85fe7647d608851a513db6f1a0d1
                                                                                                      • Opcode Fuzzy Hash: 9fce9c1d601c316445ffeb422e62961f8ac448c248df13ce7fb3e9714150ef33
                                                                                                      • Instruction Fuzzy Hash: BCD18F728087859FC361EF36C88169FF7E4BF89344F408A2EF489A7241DB7895499F52
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8CB6E
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8CB81
                                                                                                      • __wsplitpath.LIBCMT ref: 00F8CBEE
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8CC82
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8CC91
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8CC94
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8CCA3
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8CCB5
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8CCC4
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Strings
                                                                                                      • https://%d-%d-%s%s, xrefs: 00F8CC59
                                                                                                      • C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe, xrefs: 00F8CBBD
                                                                                                      • https://api, xrefs: 00F8CB52
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalEnterSection__wsplitpath
                                                                                                      • String ID: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe$https://%d-%d-%s%s$https://api
                                                                                                      • API String ID: 3415629114-3941088845
                                                                                                      • Opcode ID: 856e42f39121718e2fb867f6423e7d6de91c0014769ae27725933f21033b912f
                                                                                                      • Instruction ID: 9830bee2e20772a229743363616d5d3d6b5c6134c29531c140b1baeb35fecbd7
                                                                                                      • Opcode Fuzzy Hash: 856e42f39121718e2fb867f6423e7d6de91c0014769ae27725933f21033b912f
                                                                                                      • Instruction Fuzzy Hash: 7A519272504B809BD331EB18DC81BEFB7A8EF85314F08492DF58997141DB39DA049BE2
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _strcat_s$_strcpy_s
                                                                                                      • String ID: ago$ in $%d %s$%d hours$about an hour$minute$minutes
                                                                                                      • API String ID: 928474232-81024688
                                                                                                      • Opcode ID: 6ef8993ace60654e330327f5a4c5d68432c61f07aa69ee460cbf5444b65820d6
                                                                                                      • Instruction ID: ca1865ab86d20335cf0bb68896c44b391d21c21735efbed809a990f619986495
                                                                                                      • Opcode Fuzzy Hash: 6ef8993ace60654e330327f5a4c5d68432c61f07aa69ee460cbf5444b65820d6
                                                                                                      • Instruction Fuzzy Hash: 122106B1A443105BD218A628DD53BBA378A9FD5700F68882DF7C5EF385EA34D905A352
                                                                                                      APIs
                                                                                                      • IsProcessorFeaturePresent.KERNEL32(0000000C,01012277,00000000,00FC699E,?,00FCA158), ref: 010121A3
                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,00000000,?), ref: 010121BC
                                                                                                      • GetProcAddress.KERNEL32(00000000,InterlockedPushEntrySList), ref: 010121D6
                                                                                                      • GetProcAddress.KERNEL32(00000000,InterlockedPopEntrySList), ref: 010121E3
                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000008), ref: 01012215
                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 01012218
                                                                                                      • InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 0101222E
                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0101223B
                                                                                                      • HeapFree.KERNEL32(00000000), ref: 0101223E
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Heap$AddressProcProcess$AllocCompareExchangeFeatureFreeInterlockedLibraryLoadPresentProcessor
                                                                                                      • String ID: InterlockedPopEntrySList$InterlockedPushEntrySList$kernel32.dll
                                                                                                      • API String ID: 3830925854-2586642590
                                                                                                      • Opcode ID: b6ff1467957569143f428708a678ba36c58b927683fb65174c8b39445212b29d
                                                                                                      • Instruction ID: 7926767f37c1a0cdead64930b98ea9e6d391b2426830d517902db4379b2550ae
                                                                                                      • Opcode Fuzzy Hash: b6ff1467957569143f428708a678ba36c58b927683fb65174c8b39445212b29d
                                                                                                      • Instruction Fuzzy Hash: D41190B6641241EFD7709F799CC8A9A3BEDEB88691711846AE6C1C3219D73D9910CF20
                                                                                                      APIs
                                                                                                      • InitializeCriticalSection.KERNEL32 ref: 00F720E8
                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 00F7211E
                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 00F72140
                                                                                                        • Part of subcall function 00FAA930: QueryPerformanceCounter.KERNEL32(?,?,?,?), ref: 00FAA953
                                                                                                      • IsWindow.USER32(00000000), ref: 00F7238C
                                                                                                      • IsWindowVisible.USER32(00000000), ref: 00F7239C
                                                                                                      • MessageBoxA.USER32(00000000,00000000,Note,00000040), ref: 00F723CE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F723DE
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F723F1
                                                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 00F7241F
                                                                                                        • Part of subcall function 00FAAA40: QueryPerformanceCounter.KERNEL32(00000000,?,?,?), ref: 00FAAA4D
                                                                                                        • Part of subcall function 00F64D90: GetForegroundWindow.USER32(?,?,00F7C011,?,?,?,00F9B051,?,00000000,00F7C011,?), ref: 00F64D96
                                                                                                        • Part of subcall function 00F64D90: GetSystemMetrics.USER32(0000004D), ref: 00F64DB5
                                                                                                        • Part of subcall function 00F64D90: GetSystemMetrics.USER32(0000004C), ref: 00F64DBB
                                                                                                        • Part of subcall function 00F64D90: GetSystemMetrics.USER32(0000004E), ref: 00F64DC7
                                                                                                        • Part of subcall function 00F64D90: GetSystemMetrics.USER32(0000004F), ref: 00F64DD5
                                                                                                        • Part of subcall function 00F64D90: __time64.LIBCMT ref: 00F64E20
                                                                                                        • Part of subcall function 00F64D90: GetLastInputInfo.USER32(?), ref: 00F64E4E
                                                                                                      Strings
                                                                                                      • Note, xrefs: 00F723C7
                                                                                                      • Average: %.1f FPS. Worst=%.1f FPS. Missed 60hz: %.0f%%, Missed 30hz: %.0f%%, xrefs: 00F72375
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalMetricsSectionSystem$Window$CounterInterlockedPerformanceQuery$DecrementDeleteEnterForegroundIncrementInfoInitializeInputLastLeaveMessageVisible__time64
                                                                                                      • String ID: Average: %.1f FPS. Worst=%.1f FPS. Missed 60hz: %.0f%%, Missed 30hz: %.0f%%$Note
                                                                                                      • API String ID: 2906531968-2211445369
                                                                                                      • Opcode ID: b15dddad236af3dae0cfc7c591881afba4c7e0e92a44652f6495f97aa95cc037
                                                                                                      • Instruction ID: 316cb9e010a064aefe0616ca9b92758f2c8a954d50b7eb8074457a664c15b662
                                                                                                      • Opcode Fuzzy Hash: b15dddad236af3dae0cfc7c591881afba4c7e0e92a44652f6495f97aa95cc037
                                                                                                      • Instruction Fuzzy Hash: 26917D72908B819BC3A1DF25C88166BF7F5FFDA340F108A1EF0C996155EB399484EB42
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FA7429
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FA743C
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FA7496
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FA74A5
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FA74AC
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FA74BF
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: CurrentBuild$SOFTWARE\Microsoft\Windows NT\CurrentVersion$UBR
                                                                                                      • API String ID: 2172605799-1172311550
                                                                                                      • Opcode ID: 86cfe09dc33e56c2fd38b3031a0418a88fcb1a67ec69ca5b4901dc0054449bd5
                                                                                                      • Instruction ID: 59141f1c7ce990fe197966d2b36978bfe19492c66742d6ab124086eb157bb752
                                                                                                      • Opcode Fuzzy Hash: 86cfe09dc33e56c2fd38b3031a0418a88fcb1a67ec69ca5b4901dc0054449bd5
                                                                                                      • Instruction Fuzzy Hash: 3C519FF29087418FC721EF64DC8195EBBA4AF86310F14493EF994D7201DB399909ABA2
                                                                                                      APIs
                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 00FD9542
                                                                                                      • _memset.LIBCMT ref: 00FD9553
                                                                                                      • WinVerifyTrust.WINTRUST ref: 00FD95EC
                                                                                                      • LoadLibraryA.KERNEL32(Crypt32.dll), ref: 00FD95FC
                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000000,00000000), ref: 00FD9617
                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 00FD962D
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FD9638
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FD964B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FreeInterlockedLibraryString$AllocDecrementIncrementLoadTrustVerify_memset
                                                                                                      • String ID: 0$Crypt32.dll$O
                                                                                                      • API String ID: 838227019-2617204410
                                                                                                      • Opcode ID: 144e3dc8824203ca0d6480077788670c8a0d391457baa61e0b45ffef60d50bd4
                                                                                                      • Instruction ID: fa908ea2e176c39d1914f2d2d9e989fd37809f81592f7a6435c3e05d3d721734
                                                                                                      • Opcode Fuzzy Hash: 144e3dc8824203ca0d6480077788670c8a0d391457baa61e0b45ffef60d50bd4
                                                                                                      • Instruction Fuzzy Hash: 4141CF715087819BC322DF78D844B5BBBE9AF95710F084A2EF5D087351E7B9D504CBA2
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FC44C0: lstrcmpiA.KERNEL32(?), ref: 00FC453E
                                                                                                      • lstrlenA.KERNEL32(?,?,Delete,?), ref: 00FC487A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrcmpilstrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 3649823140-0
                                                                                                      • Opcode ID: 2e4a1c7c00f2f53c6a98cd252cda57d747508537d13bba647da6282ebda978c0
                                                                                                      • Instruction ID: 1ed548fa8e23f261dbba755c08b72189aab8630643ddb01fc9787416506f7fdb
                                                                                                      • Opcode Fuzzy Hash: 2e4a1c7c00f2f53c6a98cd252cda57d747508537d13bba647da6282ebda978c0
                                                                                                      • Instruction Fuzzy Hash: EEC1B475D0011A9BDB29DA24CD53FEDB3B4AB88350F1441DDE749D3280D778AEC5AB90
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F64A80: InterlockedIncrement.KERNEL32(?), ref: 00F64AE0
                                                                                                        • Part of subcall function 00F64A80: InterlockedDecrement.KERNEL32(?), ref: 00F64AF5
                                                                                                        • Part of subcall function 00F64A80: InterlockedDecrement.KERNEL32(?), ref: 00F64AF8
                                                                                                        • Part of subcall function 00F64A80: InterlockedIncrement.KERNEL32(?), ref: 00F64B07
                                                                                                        • Part of subcall function 00F64B50: InterlockedIncrement.KERNEL32(?), ref: 00F64BB9
                                                                                                        • Part of subcall function 00F64B50: InterlockedDecrement.KERNEL32(?), ref: 00F64BCE
                                                                                                        • Part of subcall function 00F64B50: InterlockedDecrement.KERNEL32(?), ref: 00F64BD1
                                                                                                        • Part of subcall function 00F64B50: InterlockedIncrement.KERNEL32(?), ref: 00F64BE0
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F6482C
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F6483F
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F64857
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F64866
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F64874
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F64883
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F648AB
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F648C0
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F648D2
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F648E1
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F648FB
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F6490A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-0
                                                                                                      • Opcode ID: 2e42949370bc108cbe0cf823dd7e0d4643d2dd06ba92f92e5e487b8312187b9c
                                                                                                      • Instruction ID: 209e424e3ed8023c67bc4cba9d1b13cb03212b4c2d75fc1bdcdd02d30a520863
                                                                                                      • Opcode Fuzzy Hash: 2e42949370bc108cbe0cf823dd7e0d4643d2dd06ba92f92e5e487b8312187b9c
                                                                                                      • Instruction Fuzzy Hash: 7141F533A5078507DA30FE34AC817AA7398EF80770F090636ED50D3145EB2DFA09B6A6
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F9CC5E
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F9CC71
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F9CCC1
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F9CCD4
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F9CCF4
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F9CD03
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F9CD1F
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F9CD2E
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F9CD52
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F9CD61
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F9CD91
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F9CDA0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-0
                                                                                                      • Opcode ID: 2cc8b29f05fd1cf77c66e1e416172cb8e771dab84580d4fc106ace6a5fac5c9e
                                                                                                      • Instruction ID: 74752d1321c475e0e5952017a2269d448cbefa7cfd8194b5338ea1b4d939044b
                                                                                                      • Opcode Fuzzy Hash: 2cc8b29f05fd1cf77c66e1e416172cb8e771dab84580d4fc106ace6a5fac5c9e
                                                                                                      • Instruction Fuzzy Hash: 815194B29046124BFF21DF28CC8576E7698EF85710F18093AF851E7151EB28DE09A7E6
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8EAA7
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8EAB6
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8EAD5
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8EAE4
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8EB03
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8EB12
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8EB31
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8EB40
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8EB5F
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8EB6E
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8EBA4
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8EBB3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-0
                                                                                                      • Opcode ID: dc63e4b2581cdfe0d1622e69308d92b57651d2f6b9a61ebb3aca2f06b720b4ee
                                                                                                      • Instruction ID: 50c8cb3bfd6a8645cf79d6f921089d09bf9043dbb05a3b2a0dd18751e0a04121
                                                                                                      • Opcode Fuzzy Hash: dc63e4b2581cdfe0d1622e69308d92b57651d2f6b9a61ebb3aca2f06b720b4ee
                                                                                                      • Instruction Fuzzy Hash: 744170B3911926ABC7347F15DC856EAB724FF40320B59412AD852A3901CB3CFD64ABE5
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F62BB7
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F62BC6
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F62BE5
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F62BF4
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F62C13
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F62C22
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F62C41
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F62C50
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F62C6F
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F62C7E
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F62C9C
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F62CAB
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-0
                                                                                                      • Opcode ID: 8e0120c95e5d2a671b279a8ac4b4f6d163fd5934a92600e2fbb799f9fd1dbe37
                                                                                                      • Instruction ID: f1d9421969c7a15c8bf34b4b96c53c20e1dd018952f107276b187bbbff2a1617
                                                                                                      • Opcode Fuzzy Hash: 8e0120c95e5d2a671b279a8ac4b4f6d163fd5934a92600e2fbb799f9fd1dbe37
                                                                                                      • Instruction Fuzzy Hash: A6318FB3911D269BC6756F14DC856ADB324FF01330B258626D450E3900CB2DED94BBE5
                                                                                                      APIs
                                                                                                      • IsWindowVisible.USER32(?), ref: 00F72BCF
                                                                                                        • Part of subcall function 00FAAAE0: timeGetTime.WINMM(?,?,00FA9CE9), ref: 00FAAAF5
                                                                                                      • KillTimer.USER32(?,00000000), ref: 00F72DF0
                                                                                                      • SetTimer.USER32(?,00000523,00000064,00000000), ref: 00F72E49
                                                                                                      • GetWindowRect.USER32(?,?), ref: 00F72E7B
                                                                                                      • GetSystemMetrics.USER32(0000004D), ref: 00F72E89
                                                                                                      • GetSystemMetrics.USER32(0000004C), ref: 00F72E91
                                                                                                      • GetSystemMetrics.USER32(0000004E), ref: 00F72E99
                                                                                                      • GetSystemMetrics.USER32(0000004F), ref: 00F72EA3
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MetricsSystem$TimerWindow$KillRectTimeVisibletime
                                                                                                      • String ID: flux/cam$flux/previewlabel
                                                                                                      • API String ID: 3357816690-2392625721
                                                                                                      • Opcode ID: be844367f2e2948be226d12c5ba12c2acf447bda5999b881520346a416b541e6
                                                                                                      • Instruction ID: b28adb5c278479c207816c011f1d5dc4fb7fa7cd2f3a61d81ed72809e5da71f6
                                                                                                      • Opcode Fuzzy Hash: be844367f2e2948be226d12c5ba12c2acf447bda5999b881520346a416b541e6
                                                                                                      • Instruction Fuzzy Hash: 44A1F871A047018FD754EF78CC8475EBBE0BF85310F0486AEE8899B296DB38D948D792
                                                                                                      APIs
                                                                                                      • send.WSOCK32(?,?,?,00000000), ref: 00F8EE35
                                                                                                      Strings
                                                                                                      • {'id':%d,'method':'set_bright','params':[%d, 'smooth', %d]}, xrefs: 00F8ED54
                                                                                                      • {'id':%d,'method':'set_ct_abx','params':[%d, 'smooth', %d]}, xrefs: 00F8ED7B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: send
                                                                                                      • String ID: {'id':%d,'method':'set_bright','params':[%d, 'smooth', %d]}${'id':%d,'method':'set_ct_abx','params':[%d, 'smooth', %d]}
                                                                                                      • API String ID: 2809346765-1645528732
                                                                                                      • Opcode ID: d2c4f76ffcee07619fc37a911438ea237d44b578da18131e03c6e69a2f349ffc
                                                                                                      • Instruction ID: 66b16906ed6cf7874949369bec8325bdc3f05231b1d12cb5933b5a50b162b7b7
                                                                                                      • Opcode Fuzzy Hash: d2c4f76ffcee07619fc37a911438ea237d44b578da18131e03c6e69a2f349ffc
                                                                                                      • Instruction Fuzzy Hash: 6F811532E043419FD722EE34C881BAB77D9AF92360F054A5AE8809B182E734DD55D7A1
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FBAE00: EnterCriticalSection.KERNEL32(?), ref: 00FBAE40
                                                                                                        • Part of subcall function 00FBAE00: LeaveCriticalSection.KERNEL32(?,00000001,?), ref: 00FBAE7C
                                                                                                        • Part of subcall function 00FBB750: SysAllocString.OLEAUT32(Select * from WmiMonitorBrightness), ref: 00FBB791
                                                                                                        • Part of subcall function 00FBB750: SysFreeString.OLEAUT32(00000000), ref: 00FBB85B
                                                                                                      • Sleep.KERNEL32(000003E8), ref: 00FBAF2F
                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 00FBAF46
                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?), ref: 00FBAF7E
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FBAFBC
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FBAFCF
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FBB00D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FBB020
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FBB055
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FBB068
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$CriticalSection$DecrementEnterIncrement$LeaveString$AllocFreeSleep
                                                                                                      • String ID: d
                                                                                                      • API String ID: 182786471-2564639436
                                                                                                      • Opcode ID: 49f8e171803ad8697f000882c057ee9201c9f6665b90a422ffcf527e55aecc66
                                                                                                      • Instruction ID: 034fb67591d3e74272a2cc2d993a76667f18be987f241fa21648ea27e0d78c6b
                                                                                                      • Opcode Fuzzy Hash: 49f8e171803ad8697f000882c057ee9201c9f6665b90a422ffcf527e55aecc66
                                                                                                      • Instruction Fuzzy Hash: FD51E8739042459BC720AF6A9C805FEB794EF84320F14467AF9A897140DB39DA44AFD3
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FBF460: EnterCriticalSection.KERNEL32(010BF268,?,00000000,?,00F9C1BC,?,?,?,00000000,?,00F9C53F,?,?,00000000,?,00000001), ref: 00FBF476
                                                                                                        • Part of subcall function 00FBF460: _malloc.LIBCMT ref: 00FBF4CB
                                                                                                        • Part of subcall function 00FBF460: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF4E3
                                                                                                      • _swscanf.LIBCMT ref: 00FB3125
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FB3165
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FB3174
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FB318A
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FB31E3
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FB31F2
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FB3204
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FB3213
                                                                                                        • Part of subcall function 00F61250: InterlockedDecrement.KERNEL32(00000000), ref: 00F6126F
                                                                                                        • Part of subcall function 00F61250: InterlockedIncrement.KERNEL32(00000000), ref: 00F6127E
                                                                                                        • Part of subcall function 00F61250: InterlockedIncrement.KERNEL32(00000000), ref: 00F612A0
                                                                                                        • Part of subcall function 00F61250: InterlockedDecrement.KERNEL32(00000000), ref: 00F612AF
                                                                                                        • Part of subcall function 00FBF5A0: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF616
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FB3199
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalSection$EnterLeave$_malloc_swscanf
                                                                                                      • String ID: Tooltip %s
                                                                                                      • API String ID: 268761105-3815692353
                                                                                                      • Opcode ID: f346b27061754dd9f493b33d20088ca2d663472eda12cb0616cb014a3bcb2ba5
                                                                                                      • Instruction ID: c8d68fc607eede0a04b1bf34dbac23853f670ca6911b305ab6524a21ec7b3066
                                                                                                      • Opcode Fuzzy Hash: f346b27061754dd9f493b33d20088ca2d663472eda12cb0616cb014a3bcb2ba5
                                                                                                      • Instruction Fuzzy Hash: CA31E373A453155BD720AE6ADC407EF735CEF80321F18453AFD84D6202EB2DDA096BA1
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8CD49
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8CD58
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8CDAA
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8CDB9
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8CDCF
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8CDDE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8CE03
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8CE12
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: auth/reset.post$user.json
                                                                                                      • API String ID: 2172605799-525143272
                                                                                                      • Opcode ID: e1297d17a8360aded5a633e17360942020678f40134bdd79cf88988154477c33
                                                                                                      • Instruction ID: da0d9614d48ee0cf11416c6fd96eba63b766e5148318a15f784e04db5695a2b7
                                                                                                      • Opcode Fuzzy Hash: e1297d17a8360aded5a633e17360942020678f40134bdd79cf88988154477c33
                                                                                                      • Instruction Fuzzy Hash: 5D3112739042151BC620FB289C81BFF7788AF84310F49057EF994D2142DA7CEA09A7F6
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7E70C
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7E71F
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7E72F
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7E742
                                                                                                      • _memset.LIBCMT ref: 00F7E760
                                                                                                      • __snprintf.LIBCMT ref: 00F7E781
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F7E7C7
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F7E7DA
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$__snprintf_memset
                                                                                                      • String ID: %s\%s$pollURL
                                                                                                      • API String ID: 2027810247-945526990
                                                                                                      • Opcode ID: 0f93ba5b6dadd0d28a33cfac0d3f28fda93125e6e0c4ef339b0a6991f5ee3d66
                                                                                                      • Instruction ID: 3819435274436031bd36a0747ebe89c64326d85e7a970a6ec0b33d286910a50b
                                                                                                      • Opcode Fuzzy Hash: 0f93ba5b6dadd0d28a33cfac0d3f28fda93125e6e0c4ef339b0a6991f5ee3d66
                                                                                                      • Instruction Fuzzy Hash: 3B41B0B25012159FD725DF10CC85BEB77A8EF48700F04856AF998DB101D73CEA0A8BA7
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F7E810: InterlockedIncrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E879
                                                                                                        • Part of subcall function 00F7E810: InterlockedDecrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E888
                                                                                                        • Part of subcall function 00F7E810: InterlockedIncrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E899
                                                                                                        • Part of subcall function 00F7E810: InterlockedDecrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E8A8
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FA72E6
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FA72F5
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FA7318
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FA7327
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FA732A
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FA7339
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FA7371
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FA7380
                                                                                                      Strings
                                                                                                      • CurrentBuild, xrefs: 00FA72B9
                                                                                                      • SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00FA72BE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: CurrentBuild$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                      • API String ID: 2172605799-3551728814
                                                                                                      • Opcode ID: 61a0ba3666186692ae85494cffcb3e5fde57f1e337a6e5e7a27ad21b505bd99e
                                                                                                      • Instruction ID: fc579b4ef6ea37fa8940a0f6de1c2bff2426f6741b19c6b8e499cafa12be95fe
                                                                                                      • Opcode Fuzzy Hash: 61a0ba3666186692ae85494cffcb3e5fde57f1e337a6e5e7a27ad21b505bd99e
                                                                                                      • Instruction Fuzzy Hash: 4831D7B2A0971647DA31FA25DC42FAF7358EF42720F020539FC84E6141EA2DE90977E6
                                                                                                      APIs
                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00FA6935
                                                                                                      • GetModuleFileNameA.KERNEL32(?,C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe,00000104), ref: 00FA6950
                                                                                                      • __wsplitpath.LIBCMT ref: 00FA69A2
                                                                                                      • wsprintfA.USER32 ref: 00FA69C6
                                                                                                      • wsprintfA.USER32 ref: 00FA69E3
                                                                                                      • _strcpy_s.LIBCMT ref: 00FA69FE
                                                                                                      • InitCommonControlsEx.COMCTL32 ref: 00FA6A59
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: wsprintf$CommonControlsCurrentFileInitModuleNameThread__wsplitpath_strcpy_s
                                                                                                      • String ID: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe$Software\%s\%s$Software\Michael Herf\%s
                                                                                                      • API String ID: 4113992448-2225283855
                                                                                                      • Opcode ID: 9576d343a938462f7cb614edf95b25c3e8df15203015901252ada52d31d0513d
                                                                                                      • Instruction ID: 992c96987980adef5331ee47daeb583f4aa7a42157a595dd6877ff8087379220
                                                                                                      • Opcode Fuzzy Hash: 9576d343a938462f7cb614edf95b25c3e8df15203015901252ada52d31d0513d
                                                                                                      • Instruction Fuzzy Hash: 3E31F6B1544380DFD331EB69AC86A9F7BE4AF59700F04041DF1C986142DB79A208DFA7
                                                                                                      APIs
                                                                                                      • GetDeviceCaps.GDI32(?,00000079), ref: 00FB8D96
                                                                                                      • SetDeviceGammaRamp.GDI32(?,?), ref: 00FB8E30
                                                                                                      • SetDeviceGammaRamp.GDI32(?,?), ref: 00FB8E76
                                                                                                      • SetDeviceGammaRamp.GDI32(?,?), ref: 00FB8E9A
                                                                                                      • SetDeviceGammaRamp.GDI32(?,?), ref: 00FB8F0C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Device$GammaRamp$Caps
                                                                                                      • String ID: Preferences$UseInternal$fix1803
                                                                                                      • API String ID: 1870608769-2168021964
                                                                                                      • Opcode ID: 1270e43c5f6d3c5e92262d32e149394bb937384a63821a37d5242b9ef6677a2d
                                                                                                      • Instruction ID: 79d759a13250e6142782297d59c2a232a2abf75fad6af49e36ee58d334a1c9d4
                                                                                                      • Opcode Fuzzy Hash: 1270e43c5f6d3c5e92262d32e149394bb937384a63821a37d5242b9ef6677a2d
                                                                                                      • Instruction Fuzzy Hash: 5291E7B19083808AE721EB35D9457EABBE8AFC53A4F04085EF4C447282CB7D9949DF53
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F61920: InterlockedIncrement.KERNEL32(00000000), ref: 00F6196C
                                                                                                        • Part of subcall function 00F61920: InterlockedDecrement.KERNEL32(00000000), ref: 00F6197B
                                                                                                        • Part of subcall function 00F61920: InterlockedDecrement.KERNEL32(00000000), ref: 00F6198D
                                                                                                        • Part of subcall function 00F61920: InterlockedIncrement.KERNEL32(00000000), ref: 00F6199C
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F6E53A
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F6E549
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6E5FA
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6E609
                                                                                                        • Part of subcall function 00F81E90: GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?), ref: 00F81EAC
                                                                                                        • Part of subcall function 00F81E90: SystemTimeToVariantTime.OLEAUT32(?), ref: 00F81EC9
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$Time$LocalSystemVariant
                                                                                                      • String ID: (Click to set)$Location: %s$flux/changeloc$flux/latitude$flux/warm
                                                                                                      • API String ID: 96194004-3046993901
                                                                                                      • Opcode ID: 1c1f31005ed5127b1b62df128449efc7b6a94145d996cbf9e39038e7d8c6d646
                                                                                                      • Instruction ID: 1fa69491e3388de85e564ff7c4b9686189afea439aa00caaa7e18de1d1794816
                                                                                                      • Opcode Fuzzy Hash: 1c1f31005ed5127b1b62df128449efc7b6a94145d996cbf9e39038e7d8c6d646
                                                                                                      • Instruction Fuzzy Hash: 0291D332818B459BC321DF36C88029BF7E4BF9A354F084B1DF8C5A7151EB39D585AB92
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FA7280: InterlockedDecrement.KERNEL32(00000000), ref: 00FA72E6
                                                                                                        • Part of subcall function 00FA7280: InterlockedIncrement.KERNEL32(00000000), ref: 00FA72F5
                                                                                                        • Part of subcall function 00FA7280: InterlockedIncrement.KERNEL32(00000000), ref: 00FA7318
                                                                                                        • Part of subcall function 00FA7280: InterlockedDecrement.KERNEL32(00000000), ref: 00FA7327
                                                                                                        • Part of subcall function 00FA7280: InterlockedDecrement.KERNEL32(00000000), ref: 00FA732A
                                                                                                        • Part of subcall function 00FA7280: InterlockedIncrement.KERNEL32(00000000), ref: 00FA7339
                                                                                                        • Part of subcall function 00FA7280: InterlockedDecrement.KERNEL32(00000000), ref: 00FA7371
                                                                                                        • Part of subcall function 00FA7280: InterlockedIncrement.KERNEL32(00000000), ref: 00FA7380
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F92BEB
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F92BFE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F92C3C
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F92C4F
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F92D1C
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F92D2F
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F92D6D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F92D80
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-3916222277
                                                                                                      • Opcode ID: d489af1335b0f6ae66e36cd6663cb07c461f4a8cda4bfe3ebb15873c61dfb071
                                                                                                      • Instruction ID: 0b38ffca9dfe1bc7b0b605dd915e96950054e65b57911163271cee52447e3d94
                                                                                                      • Opcode Fuzzy Hash: d489af1335b0f6ae66e36cd6663cb07c461f4a8cda4bfe3ebb15873c61dfb071
                                                                                                      • Instruction Fuzzy Hash: 6B916DB2908341AFDBA0DF18C8C065EB7E0BF88324F945A2EF599D7240D734DA48DB56
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F92BEB
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F92BFE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F92C3C
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F92C4F
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F92D1C
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F92D2F
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F92D6D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F92D80
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-3916222277
                                                                                                      • Opcode ID: 5d9ffa79adfea1ee95575faa19153577d89a692744cd6afb768df80a60f38184
                                                                                                      • Instruction ID: 1d0f68b4d3be8281a3c82deaab784719a9a6d447985e17b757ae3cef8c442d24
                                                                                                      • Opcode Fuzzy Hash: 5d9ffa79adfea1ee95575faa19153577d89a692744cd6afb768df80a60f38184
                                                                                                      • Instruction Fuzzy Hash: 775159B2909381AFDBA5CF14C4C065EB7E0BF88320F945A2EF595D7240D738DA44EB56
                                                                                                      APIs
                                                                                                      • GetDC.USER32(00000000), ref: 00F75428
                                                                                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 00F75433
                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 00F7543E
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F754C6
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F754D5
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F75526
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F75535
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                        • Part of subcall function 00FBF5A0: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF616
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$CriticalDecrementIncrementSection$CapsDeviceEnterLeaveRelease
                                                                                                      • String ID: flux$flux/slow
                                                                                                      • API String ID: 1429457918-698160107
                                                                                                      • Opcode ID: f0ec9da44d67ba7299bd5715a2ccf3f64aa68553e06fe2d322e0b33d7f9c6978
                                                                                                      • Instruction ID: 74bc47f85f48fbac8c9bc59ec9bdaf7451480942b192872f4d93058125b576fc
                                                                                                      • Opcode Fuzzy Hash: f0ec9da44d67ba7299bd5715a2ccf3f64aa68553e06fe2d322e0b33d7f9c6978
                                                                                                      • Instruction Fuzzy Hash: D7416872904F419BD321DF24DC4475B73A5FF85B50F048919F9899A140EF38CA49EB93
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • SETUP: pGraph->EnumFilters() failed. , xrefs: 00F853DF
                                                                                                      • SETUP: removing filter %s..., xrefs: 00F85381
                                                                                                      • SETUP: filter removed %s , xrefs: 00F853AC
                                                                                                      • SETUP: pGraph->RemoveFilter() failed. , xrefs: 00F853E6
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _printf$_memset
                                                                                                      • String ID: SETUP: filter removed %s $SETUP: pGraph->EnumFilters() failed. $SETUP: pGraph->RemoveFilter() failed. $SETUP: removing filter %s...
                                                                                                      • API String ID: 3347557106-2487327435
                                                                                                      • Opcode ID: feab8ee30bc0888aa9c28ab178869567ea994efba7db15a2bc0dc8bcccd76b8c
                                                                                                      • Instruction ID: 2040b31ffd88695d4b9713a96e80a1cac8f0979b4f6852af4bec9433e2cd5107
                                                                                                      • Opcode Fuzzy Hash: feab8ee30bc0888aa9c28ab178869567ea994efba7db15a2bc0dc8bcccd76b8c
                                                                                                      • Instruction Fuzzy Hash: E9415BB16447419FC310EF58D881EABB3E9AFD8700F10892DF5898B261E770E905CBA2
                                                                                                      APIs
                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 00F76117
                                                                                                      • AppendMenuW.USER32(?,00000000,?,00000000), ref: 00F76131
                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 00F7613C
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7614B
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7615E
                                                                                                      • SetForegroundWindow.USER32(?), ref: 00F761B7
                                                                                                      • TrackPopupMenuEx.USER32(75A75360,00000102,?,?,?,00000000), ref: 00F761D4
                                                                                                      • DestroyMenu.USER32(75A75360,?), ref: 00F761F0
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2232639240.00000000010C7000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2232693230.00000000010CA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Menu$InterlockedString$AllocAppendDecrementDestroyForegroundFreeIncrementPopupTrackWindow
                                                                                                      • String ID: name
                                                                                                      • API String ID: 1646201576-1579384326
                                                                                                      • Opcode ID: 00c5ed9ea3ce5b5e4d706684212ccc9e4794be4ea3cc2e6b9e50445e271637ba
                                                                                                      • Instruction ID: bef78a4e984f90f44769cf7f63ceea39c0eab9d266d4c94f3f97dd20492e6f49
                                                                                                      • Opcode Fuzzy Hash: 00c5ed9ea3ce5b5e4d706684212ccc9e4794be4ea3cc2e6b9e50445e271637ba
                                                                                                      • Instruction Fuzzy Hash: 264190765043419FD724DF60D885AAFB7E5BBC4300F04891EF48AD3245DB39E9499BA3
                                                                                                      APIs
                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 00F76117
                                                                                                      • AppendMenuW.USER32(?,00000000,?,00000000), ref: 00F76131
                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 00F7613C
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7614B
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7615E
                                                                                                      • SetForegroundWindow.USER32(?), ref: 00F761B7
                                                                                                      • TrackPopupMenuEx.USER32(75A75360,00000102,?,?,?,00000000), ref: 00F761D4
                                                                                                      • DestroyMenu.USER32(75A75360,?), ref: 00F761F0
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Menu$InterlockedString$AllocAppendDecrementDestroyForegroundFreeIncrementPopupTrackWindow
                                                                                                      • String ID: name
                                                                                                      • API String ID: 1646201576-1579384326
                                                                                                      • Opcode ID: ddcdd54938dc1f6f222fe24420cd3e5b0ebefaace77d5049610d7c21b40c27e4
                                                                                                      • Instruction ID: 8913a493d12e36077482332f2c67170aea41db3acfc451a0ab0378ddc2907f2b
                                                                                                      • Opcode Fuzzy Hash: ddcdd54938dc1f6f222fe24420cd3e5b0ebefaace77d5049610d7c21b40c27e4
                                                                                                      • Instruction Fuzzy Hash: 6541CF725043419BC724DF60D889AAFB7E5BBC4300F04891EF48AD3241CB39EA499BA3
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F969B8
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F969C7
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F969ED
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F969FC
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96A1C
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F96A2B
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F96A3D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F96A4C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: api
                                                                                                      • API String ID: 2172605799-2902841359
                                                                                                      • Opcode ID: c270b6fd41f2d14fbcba410101a3240c695322249b8d5e151267825f3794d78a
                                                                                                      • Instruction ID: d546998329363bc27304af9ea9f4ec8af04894f19a6a501510ef591c6731fa3e
                                                                                                      • Opcode Fuzzy Hash: c270b6fd41f2d14fbcba410101a3240c695322249b8d5e151267825f3794d78a
                                                                                                      • Instruction Fuzzy Hash: 9121BE735002025BE721DB19DC80FBFB3A8EF85B24F158129E944E3141DB2DE905A6A5
                                                                                                      APIs
                                                                                                      • GetDlgItem.USER32(?,000003FB), ref: 00F666C8
                                                                                                      • SetWindowTextA.USER32(00000000), ref: 00F666CF
                                                                                                      • _strncmp.LIBCMT ref: 00F666F1
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00F66708
                                                                                                      • InitializeCriticalSection.KERNEL32(00000010), ref: 00F6672E
                                                                                                      • EnterCriticalSection.KERNEL32(00000010), ref: 00F6675D
                                                                                                      • LeaveCriticalSection.KERNEL32(00000010), ref: 00F66776
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterIncrementInitializeInterlockedItemLeaveTextWindow_strncmp
                                                                                                      • String ID: http$https://justgetflux.com/windows/lights.html
                                                                                                      • API String ID: 3092401262-3104330407
                                                                                                      • Opcode ID: 6934f899e4fffa1e654daeeefaf5748732b03d6d7562deef41f0f26f6dc22597
                                                                                                      • Instruction ID: 9c7d9057afe0840062244c2a9d3054e9bc30faf8630fb204c816e43277d601bb
                                                                                                      • Opcode Fuzzy Hash: 6934f899e4fffa1e654daeeefaf5748732b03d6d7562deef41f0f26f6dc22597
                                                                                                      • Instruction Fuzzy Hash: EB21A3B2940304AFC330DF66DC85E6BBBA8EB58710F00892DF586C7245CA78E944DB60
                                                                                                      APIs
                                                                                                      • _memset.LIBCMT ref: 00FB9180
                                                                                                      • GetICMProfileA.GDI32 ref: 00FB919F
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FB91FA
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FB920D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FB924E
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FB9261
                                                                                                      • timeGetTime.WINMM(?,?,?,?), ref: 00FB928A
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FB9337
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FB934A
                                                                                                      • timeGetTime.WINMM(?,?,?,?,?), ref: 00FB936D
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                        • Part of subcall function 00FBF5A0: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF616
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalSectionTimetime$EnterLeaveProfile_memset
                                                                                                      • String ID:
                                                                                                      • API String ID: 2179360832-0
                                                                                                      • Opcode ID: eb099139c7217f51e466241d848f323b44b26a3ff7b62e4da24553b6bf6054e3
                                                                                                      • Instruction ID: bb4a20feee1c80ff6e48887ccaee09eabb62f854db7a45e1dabfad33be3beb09
                                                                                                      • Opcode Fuzzy Hash: eb099139c7217f51e466241d848f323b44b26a3ff7b62e4da24553b6bf6054e3
                                                                                                      • Instruction Fuzzy Hash: ACA1E072908202CFC320DF25C884AABBBE5BF89310F158A2DF5C587250DB39D948DF92
                                                                                                      APIs
                                                                                                      • timeGetTime.WINMM ref: 00FA6BE8
                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00FA6C08
                                                                                                      • IsDialogMessageA.USER32(00000000,?), ref: 00FA6C38
                                                                                                      • GetParent.USER32(?), ref: 00FA6C43
                                                                                                      • PeekMessageA.USER32(?,00000000,00000200,00000200,00000001), ref: 00FA6C72
                                                                                                      • TranslateAcceleratorA.USER32(00000000,00000000,?), ref: 00FA6C94
                                                                                                      • TranslateMessage.USER32(?), ref: 00FA6CA3
                                                                                                      • DispatchMessageA.USER32(?), ref: 00FA6CAE
                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00FA6CBE
                                                                                                        • Part of subcall function 00FAA9D0: timeGetTime.WINMM(?,?,00FAA949,?,?,?), ref: 00FAA9D3
                                                                                                        • Part of subcall function 00FAA9D0: QueryPerformanceCounter.KERNEL32(00000000,?,?,00FAA949,?,?,?), ref: 00FAA9EC
                                                                                                        • Part of subcall function 00FAA9D0: QueryPerformanceFrequency.KERNEL32(00000000,?,?,00FAA949,?,?,?), ref: 00FAAA19
                                                                                                      • MsgWaitForMultipleObjects.USER32(00000000,00000000,00000000,00000014,000004FF), ref: 00FA6E74
                                                                                                        • Part of subcall function 00FAAA40: QueryPerformanceCounter.KERNEL32(00000000,?,?,?), ref: 00FAAA4D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Message$PeekPerformanceQuery$CounterTimeTranslatetime$AcceleratorDialogDispatchFrequencyMultipleObjectsParentWait
                                                                                                      • String ID:
                                                                                                      • API String ID: 2264252954-0
                                                                                                      • Opcode ID: 597012bb539adb5e6d29bd0d67d856fc8e1d5d7c6da4245d42d3f7b608985ad8
                                                                                                      • Instruction ID: 4f9f210477450e3e4a21c570e5d6254a4d62a7c2eb13909a857b22b818eda37f
                                                                                                      • Opcode Fuzzy Hash: 597012bb539adb5e6d29bd0d67d856fc8e1d5d7c6da4245d42d3f7b608985ad8
                                                                                                      • Instruction Fuzzy Hash: 7E9112B5A04205DFC730DF24D880A2A77B5FB96360F188A1CF9D1D7294D73AA845DF92
                                                                                                      APIs
                                                                                                      • KillTimer.USER32(?,0000000B,?,?,?,?,00F7A0CD,?,?), ref: 00F67314
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6732D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6733C
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F67364
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F67373
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F67398
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F673A7
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F673C6
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F673D5
                                                                                                      • DeleteCriticalSection.KERNEL32(?,00000000,?,?,?,?,00F7A0CD,?,?), ref: 00F67410
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalDeleteKillSectionTimer
                                                                                                      • String ID:
                                                                                                      • API String ID: 3560983805-0
                                                                                                      • Opcode ID: d93441155d7ccbcbff24092623bbbc02a4d138b4a2d86847d53a98d6e70a9575
                                                                                                      • Instruction ID: 2cf7689b21eb9a57729a9eacab808e41640864fc905b42f7e897ed7b696fbe0d
                                                                                                      • Opcode Fuzzy Hash: d93441155d7ccbcbff24092623bbbc02a4d138b4a2d86847d53a98d6e70a9575
                                                                                                      • Instruction Fuzzy Hash: 15318B738042158BCB31BF54DC8679E7768EF44324F298066EC90EB206CB38AD40BBA1
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _strcpy_s
                                                                                                      • String ID: Daytime$Sunset
                                                                                                      • API String ID: 760400715-4151315427
                                                                                                      • Opcode ID: e2160672b1d6ee413cc83a3110e19657510d3cc0c1d78b7feb187ba63519f8ca
                                                                                                      • Instruction ID: e9cd15a1302697586305f119e429c2e7bc988c83652c17c7b456db6f612b7ee1
                                                                                                      • Opcode Fuzzy Hash: e2160672b1d6ee413cc83a3110e19657510d3cc0c1d78b7feb187ba63519f8ca
                                                                                                      • Instruction Fuzzy Hash: 7BC1F532C14F459ED223EA339492265F369BFAB7C0F14C707B946364A2F72974E2A741
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F734EE
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F73501
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: $$\log\%d-%s.bmp$\log\%d8.bmp
                                                                                                      • API String ID: 2172605799-1811394144
                                                                                                      • Opcode ID: e42173c7f40bec9c7bf901690517e2180f7c88087ba4b6c4db972e5d08d664de
                                                                                                      • Instruction ID: 35204ba9a7c3a0cbc409c4f3f7df02120a28d0d5adf484aca375102f0945ce22
                                                                                                      • Opcode Fuzzy Hash: e42173c7f40bec9c7bf901690517e2180f7c88087ba4b6c4db972e5d08d664de
                                                                                                      • Instruction Fuzzy Hash: 0A9161729087519FC724DF28C88166EB7E1FFC5300F05892EE9D997311DB34EA45AB92
                                                                                                      APIs
                                                                                                      • CreateDCA.GDI32(DISPLAY,?,00000000,00000000), ref: 00FBA499
                                                                                                      • _memset.LIBCMT ref: 00FBA546
                                                                                                      • GetDeviceGammaRamp.GDI32(00000000,?), ref: 00FBA557
                                                                                                      • SetDeviceGammaRamp.GDI32(00000000,?), ref: 00FBA5A9
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DeviceGammaRamp$Create_memset
                                                                                                      • String ID: DISPLAY$H
                                                                                                      • API String ID: 808844740-423613333
                                                                                                      • Opcode ID: e6bb3641ad98b47d277eef4e1239940eeb0dd2946d7b3d6bbd9e46dba6a5bd88
                                                                                                      • Instruction ID: dec91cd2e2369c904c5ee8057f100902327784900c1c7ba31d8a9b3d2f155ad5
                                                                                                      • Opcode Fuzzy Hash: e6bb3641ad98b47d277eef4e1239940eeb0dd2946d7b3d6bbd9e46dba6a5bd88
                                                                                                      • Instruction Fuzzy Hash: 357149B29083008BE721EF35D8857EBB3E9AF85350F084A2DF88497151DB799948DF93
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FD1A10: GetWindowLongA.USER32(?,000000EC), ref: 00FD1A34
                                                                                                        • Part of subcall function 00FD1A10: SetWindowLongA.USER32(?,000000EC,00000000), ref: 00FD1A52
                                                                                                      • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00F82BAF
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00F82BF6
                                                                                                        • Part of subcall function 00FBF460: EnterCriticalSection.KERNEL32(010BF268,?,00000000,?,00F9C1BC,?,?,?,00000000,?,00F9C53F,?,?,00000000,?,00000001), ref: 00FBF476
                                                                                                        • Part of subcall function 00FBF460: _malloc.LIBCMT ref: 00FBF4CB
                                                                                                        • Part of subcall function 00FBF460: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF4E3
                                                                                                      • _memset.LIBCMT ref: 00F82C13
                                                                                                        • Part of subcall function 00FA44F0: InterlockedDecrement.KERNEL32(00000000), ref: 00FA45AB
                                                                                                        • Part of subcall function 00FA44F0: InterlockedIncrement.KERNEL32(00000000), ref: 00FA45BE
                                                                                                      • GetWindowLongA.USER32(?,000000EC), ref: 00F82C86
                                                                                                      • SetWindowLongA.USER32(?,000000EC,00000000), ref: 00F82C9F
                                                                                                      • GetWindowRect.USER32(?,?), ref: 00F82CD9
                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,?,?,00000000,00000000,?,?), ref: 00F82D01
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$Long$Interlocked$CriticalIncrementSection$DecrementEnterInfoLeaveParametersRectSystem_malloc_memset
                                                                                                      • String ID: f.lux note
                                                                                                      • API String ID: 3795242324-2216528552
                                                                                                      • Opcode ID: e1be711dcf28549462b9aed7db046466e2f176ea1ead0dfdf2cb3862982eac2a
                                                                                                      • Instruction ID: c85727d5eb16ddec616f643660116d190d9096b4a8c1446913a10b76f65d0339
                                                                                                      • Opcode Fuzzy Hash: e1be711dcf28549462b9aed7db046466e2f176ea1ead0dfdf2cb3862982eac2a
                                                                                                      • Instruction Fuzzy Hash: 5251BE71604341AFD324DF69C88096BFBE5FFC9320F148A1EF89A83291C774E9448B51
                                                                                                      APIs
                                                                                                      • InitializeCriticalSection.KERNEL32(?,00000120), ref: 00F64248
                                                                                                        • Part of subcall function 00FAA930: QueryPerformanceCounter.KERNEL32(?,?,?,?), ref: 00FAA953
                                                                                                        • Part of subcall function 00FAA930: timeGetTime.WINMM(?,?,?), ref: 00FAA96B
                                                                                                      • InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,?), ref: 00F642AD
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00F64368
                                                                                                        • Part of subcall function 00FBF460: EnterCriticalSection.KERNEL32(010BF268,?,00000000,?,00F9C1BC,?,?,?,00000000,?,00F9C53F,?,?,00000000,?,00000001), ref: 00FBF476
                                                                                                        • Part of subcall function 00FBF460: _malloc.LIBCMT ref: 00FBF4CB
                                                                                                        • Part of subcall function 00FBF460: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF4E3
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F643C7
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F643DA
                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 00F643F9
                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 00F64412
                                                                                                        • Part of subcall function 00F63B50: InitializeCriticalSection.KERNEL32(?,00000000,7591E7E0,?,00000000,?,00F643A0,00000000,?,?,ssdp:all,00000008), ref: 00F63B6C
                                                                                                        • Part of subcall function 00F63B50: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,00F643A0,00000000,?,?,ssdp:all,00000008), ref: 00F63B9A
                                                                                                        • Part of subcall function 00F63B50: InterlockedDecrement.KERNEL32(?), ref: 00F63C0C
                                                                                                        • Part of subcall function 00F63B50: InterlockedIncrement.KERNEL32(?), ref: 00F63C1F
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      • Associated: 00000002.00000002.2232639240.00000000010C5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2232639240.00000000010C7000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                      • Associated: 00000002.00000002.2232693230.00000000010CA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$Interlocked$EnterIncrementInitialize$DecrementLeave$CounterCreateEventPerformanceQueryTime_malloctime
                                                                                                      • String ID: ssdp:all
                                                                                                      • API String ID: 1911551751-2869272101
                                                                                                      • Opcode ID: 6108af3fe1811ddbe6b367dcd681b3fccbaa0de0fa96b04f75027999a978784b
                                                                                                      • Instruction ID: 416cf8ac1924403ea6d414e9800a3acd12eb4feb40b2e1c168d9793e9cd45193
                                                                                                      • Opcode Fuzzy Hash: 6108af3fe1811ddbe6b367dcd681b3fccbaa0de0fa96b04f75027999a978784b
                                                                                                      • Instruction Fuzzy Hash: 8F510BB2801789DBCB30DF56CC817DEBBA4BF99304F50862EE9489B201D7799648DF51
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FA89B0: InterlockedDecrement.KERNEL32(00000000), ref: 00FA89F9
                                                                                                        • Part of subcall function 00FA89B0: InterlockedIncrement.KERNEL32(00000000), ref: 00FA8A0E
                                                                                                        • Part of subcall function 00FA89B0: InterlockedIncrement.KERNEL32(0102B498), ref: 00FA8A3F
                                                                                                        • Part of subcall function 00FA89B0: InterlockedDecrement.KERNEL32(0102B498), ref: 00FA8A4E
                                                                                                        • Part of subcall function 00FA89B0: InterlockedDecrement.KERNEL32(0102B498), ref: 00FA8A51
                                                                                                        • Part of subcall function 00FA89B0: InterlockedIncrement.KERNEL32(0102B498), ref: 00FA8A60
                                                                                                        • Part of subcall function 00FA89B0: InterlockedIncrement.KERNEL32(0102B498), ref: 00FA8A7F
                                                                                                        • Part of subcall function 00FA89B0: InterlockedDecrement.KERNEL32(0102B498), ref: 00FA8A8E
                                                                                                        • Part of subcall function 00FA89B0: InterlockedDecrement.KERNEL32(0102B498), ref: 00FA8A91
                                                                                                        • Part of subcall function 00FA89B0: InterlockedIncrement.KERNEL32(0102B498), ref: 00FA8AA0
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F9454B
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F9455E
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F945C0
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F945CF
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F945EC
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F945FB
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalEnterSection
                                                                                                      • String ID: Windows issue found$f.lux cannot activate
                                                                                                      • API String ID: 880407097-2808236453
                                                                                                      • Opcode ID: 5a9e6eef69db5a5110f5ac26cbcd12e92a0636b097c12f42a8822c0bb1a7fb23
                                                                                                      • Instruction ID: 6a57d12fe7bd611d9905266fc254d2636c0d3f774b830b03ddd5b06f6f75c4a0
                                                                                                      • Opcode Fuzzy Hash: 5a9e6eef69db5a5110f5ac26cbcd12e92a0636b097c12f42a8822c0bb1a7fb23
                                                                                                      • Instruction Fuzzy Hash: 7B41D4729042019FEB30EF64DC81E6A73A8FF94314F450929F595D3141EB3CFA09AB92
                                                                                                      APIs
                                                                                                      • GetCurrentProcess.KERNEL32 ref: 00F72758
                                                                                                      • GetProcessHandleCount.KERNEL32(00000000,?), ref: 00F72766
                                                                                                      • GetProcessMemoryInfo.PSAPI(00000000,?,0000002C), ref: 00F72774
                                                                                                      • ShellExecuteA.SHELL32(00000000,open,00000000,/crash,00000000,00000005), ref: 00F72898
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Process$CountCurrentExecuteHandleInfoMemoryShell
                                                                                                      • String ID: /crash$C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe$https://justgetflux.com/windows/watchdog.html$open
                                                                                                      • API String ID: 2483415768-3240063697
                                                                                                      • Opcode ID: 0cdf26fbf99ff97c66717198a636c6328e2b69b8e85ae0e9a1dfba42b5566d07
                                                                                                      • Instruction ID: f0e202a926a174b4278952f552ed04de2da31d8e29c6abab20603e0baeca586a
                                                                                                      • Opcode Fuzzy Hash: 0cdf26fbf99ff97c66717198a636c6328e2b69b8e85ae0e9a1dfba42b5566d07
                                                                                                      • Instruction Fuzzy Hash: 7041A4719043029FD354EF64CD819AF77E9FB80760F10892FF49A86141EB39A9499BA3
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FBF460: EnterCriticalSection.KERNEL32(010BF268,?,00000000,?,00F9C1BC,?,?,?,00000000,?,00F9C53F,?,?,00000000,?,00000001), ref: 00FBF476
                                                                                                        • Part of subcall function 00FBF460: _malloc.LIBCMT ref: 00FBF4CB
                                                                                                        • Part of subcall function 00FBF460: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF4E3
                                                                                                      • _swscanf.LIBCMT ref: 00FB2A04
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FB2A29
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FB2A3C
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterInterlocked$DecrementIncrementLeave_malloc_swscanf
                                                                                                      • String ID: #include %s$Bad include format$Could not load subtree
                                                                                                      • API String ID: 473168845-3611243628
                                                                                                      • Opcode ID: a4cb2efbc9cdf9936ca0bb38f0382609b778824c90014b36861772ca06bfe400
                                                                                                      • Instruction ID: 3fd35ab6d658016600a318ead48282c7a4a94811591920cd5a101fd8fcaa0cb7
                                                                                                      • Opcode Fuzzy Hash: a4cb2efbc9cdf9936ca0bb38f0382609b778824c90014b36861772ca06bfe400
                                                                                                      • Instruction Fuzzy Hash: 5131C8769002014BD671EB69AC457FB7798EF81710F480839FC85D7141EA2DDB0CABE2
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F63F90: _strncmp.LIBCMT ref: 00F63FCA
                                                                                                        • Part of subcall function 00F63F20: InterlockedIncrement.KERNEL32(?), ref: 00F63F46
                                                                                                        • Part of subcall function 00F63F20: InterlockedDecrement.KERNEL32(?), ref: 00F63F5B
                                                                                                        • Part of subcall function 00F63F20: InterlockedDecrement.KERNEL32(?), ref: 00F63F5E
                                                                                                        • Part of subcall function 00F63F20: InterlockedIncrement.KERNEL32(?), ref: 00F63F6D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6499F
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F649B4
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F649B7
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F649C6
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalEnterSection_strncmp
                                                                                                      • String ID: True$reachable$state$true
                                                                                                      • API String ID: 668252347-749438815
                                                                                                      • Opcode ID: 46d09665db4576fa09709ce3a2c3b56d81806e585fcebcf33c84eecb262597c9
                                                                                                      • Instruction ID: 75acc3729a9c81085d92fe8615d2ccfee0d6bd6f66ec048f4c09f2f1345a5ccf
                                                                                                      • Opcode Fuzzy Hash: 46d09665db4576fa09709ce3a2c3b56d81806e585fcebcf33c84eecb262597c9
                                                                                                      • Instruction Fuzzy Hash: A9316C729502512AC725BF70DD42BFF3358AF91320F484628E985D7001EA3EF90DB791
                                                                                                      APIs
                                                                                                      • InitializeCriticalSection.KERNEL32(?,?,00000000,?,?,00F635AF), ref: 00F630B8
                                                                                                        • Part of subcall function 00F7E6A0: InterlockedIncrement.KERNEL32(?), ref: 00F7E70C
                                                                                                        • Part of subcall function 00F7E6A0: InterlockedDecrement.KERNEL32(?), ref: 00F7E71F
                                                                                                        • Part of subcall function 00F7E6A0: InterlockedIncrement.KERNEL32(?), ref: 00F7E72F
                                                                                                        • Part of subcall function 00F7E6A0: InterlockedDecrement.KERNEL32(?), ref: 00F7E742
                                                                                                        • Part of subcall function 00F7E6A0: _memset.LIBCMT ref: 00F7E760
                                                                                                        • Part of subcall function 00F7E6A0: __snprintf.LIBCMT ref: 00F7E781
                                                                                                        • Part of subcall function 00F7E6A0: InterlockedDecrement.KERNEL32(00000000), ref: 00F7E7C7
                                                                                                        • Part of subcall function 00F7E6A0: InterlockedIncrement.KERNEL32(00000000), ref: 00F7E7DA
                                                                                                        • Part of subcall function 00FAA930: QueryPerformanceCounter.KERNEL32(?,?,?,?), ref: 00FAA953
                                                                                                      • _memset.LIBCMT ref: 00F631A5
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$_memset$CounterCriticalInitializePerformanceQuerySection__snprintf
                                                                                                      • String ID: Preferences$deviceURL$deviceflags$devicesig$deviceuser$https://api.fluxometer.com
                                                                                                      • API String ID: 434163451-267260377
                                                                                                      • Opcode ID: 5ce626ceaa96aa51dec28106392db4485ec8196a8c3b86aab138e2e92a882e69
                                                                                                      • Instruction ID: 4d60ddd71f0b9f377e2cd26a5cedb0c7c3cbc75c5e8403322cad51c8591b1bab
                                                                                                      • Opcode Fuzzy Hash: 5ce626ceaa96aa51dec28106392db4485ec8196a8c3b86aab138e2e92a882e69
                                                                                                      • Instruction Fuzzy Hash: B14110B1645B46BEC309DF3588817D2FBA4BF69304F84861EE1AC47202D7747168CBE6
                                                                                                      APIs
                                                                                                      • GetWindowThreadProcessId.USER32(?,?), ref: 00FA7190
                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,?,?,?,?,?,?), ref: 00FA71A2
                                                                                                      • EnumChildWindows.USER32 ref: 00FA7206
                                                                                                      • CloseHandle.KERNEL32(00000000,00FA70D0,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00FA722C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: Process$ChildCloseEnumHandleOpenThreadWindowWindows
                                                                                                      • String ID: ApplicationFrameHost
                                                                                                      • API String ID: 3583956072-2832986753
                                                                                                      • Opcode ID: 41184e88d65fb67e323895997bed991993daaab4fde65a0c0fca1d0ca8de2d5b
                                                                                                      • Instruction ID: c1c98ce86577c1ef138f618befbf9bf89d9684a875091650d9b2d656aba7b136
                                                                                                      • Opcode Fuzzy Hash: 41184e88d65fb67e323895997bed991993daaab4fde65a0c0fca1d0ca8de2d5b
                                                                                                      • Instruction Fuzzy Hash: AB2101B26083019BC210EF24DC85E5E77E8FF89B21F444929F984D3245D73CEA099BB2
                                                                                                      APIs
                                                                                                      • wsprintfA.USER32 ref: 00FAEA8B
                                                                                                      • wsprintfA.USER32 ref: 00FAEAA0
                                                                                                      • IsWindow.USER32(00000000), ref: 00FAEAB3
                                                                                                      • IsWindowVisible.USER32(00000000), ref: 00FAEAC4
                                                                                                      • MessageBoxA.USER32(00000000,?,Error,00000010), ref: 00FAEAEA
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: Windowwsprintf$MessageVisible
                                                                                                      • String ID: %s: [%s]$An error occured parsing: [%s]$Error
                                                                                                      • API String ID: 4244333615-1873899499
                                                                                                      • Opcode ID: 9a6461d411ce95a0335a864a0741e37762f69b0f4b2bab5ff0f65a184df84227
                                                                                                      • Instruction ID: 377cdca1c84506217ccf3f992d90e364b350e9b12a3af6dc8e12de91c29442fc
                                                                                                      • Opcode Fuzzy Hash: 9a6461d411ce95a0335a864a0741e37762f69b0f4b2bab5ff0f65a184df84227
                                                                                                      • Instruction Fuzzy Hash: B6016DB5A00201DBE7349B75EC89F6737A8FB44704F00892DB185C6145EE3DD544DB62
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FC1561
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FC1574
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      • InternetOpenA.WININET(01031260,00000000,00000000,00000000,00000000), ref: 00FC15BF
                                                                                                      • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00FC15F4
                                                                                                      • HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00000000,01043EB4,?,00000000), ref: 00FC162E
                                                                                                      • HttpSendRequestA.WININET(00000000,00000000,00000000,?,00000000), ref: 00FC1650
                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00FC1674
                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00FC1677
                                                                                                      • InternetCloseHandle.WININET(?), ref: 00FC167E
                                                                                                        • Part of subcall function 00F8F360: InterlockedDecrement.KERNEL32(?), ref: 00F8F368
                                                                                                        • Part of subcall function 00F8F360: InterlockedIncrement.KERNEL32(?), ref: 00F8F37B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Internet$Interlocked$CloseHandle$DecrementHttpIncrementOpenRequest$ConnectCriticalEnterSectionSend
                                                                                                      • String ID:
                                                                                                      • API String ID: 3737226014-0
                                                                                                      • Opcode ID: b9d4755ecbf551c0a589279de0620f0b257f1fe380df824f5eba86cb44cedc8c
                                                                                                      • Instruction ID: 823fd6b564f8ef787c047b7ad704e4ccb6047fb2ccc2364938c03fe9af41bb68
                                                                                                      • Opcode Fuzzy Hash: b9d4755ecbf551c0a589279de0620f0b257f1fe380df824f5eba86cb44cedc8c
                                                                                                      • Instruction Fuzzy Hash: 5941C1726043025BE3209B25CD42F9B72E8BFC9750F184A29F585E7181DB78EE159B51
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __fread_nolock$_fseek_ungetc
                                                                                                      • String ID:
                                                                                                      • API String ID: 275392488-0
                                                                                                      • Opcode ID: 8bfdb872b39ddb6ec541fd67c3ab873772e51c259b484e2260d802e03de60a54
                                                                                                      • Instruction ID: b4daa65eccf102452ccf323356110e92cb41d6525d239516e5435fc6fcdc4887
                                                                                                      • Opcode Fuzzy Hash: 8bfdb872b39ddb6ec541fd67c3ab873772e51c259b484e2260d802e03de60a54
                                                                                                      • Instruction Fuzzy Hash: 0B417EB19043407AD724D7269C52BFBBBD9FF84720F404809F6AC97292D279E9049BE3
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F65C60: IsDlgButtonChecked.USER32(?,?), ref: 00F65C92
                                                                                                      • IsDlgButtonChecked.USER32(?,000003FC), ref: 00F6653F
                                                                                                        • Part of subcall function 00F627A0: RegSetValueExA.ADVAPI32(000F003F,00000000,00000000,?,?,00000004,?,00000000,00000000,000F003F), ref: 00F62847
                                                                                                        • Part of subcall function 00F627A0: RegCloseKey.ADVAPI32(?), ref: 00F62863
                                                                                                      • GetDlgItem.USER32(?,000003FB), ref: 00F66575
                                                                                                        • Part of subcall function 00F9C690: InterlockedDecrement.KERNEL32 ref: 00F9C6A4
                                                                                                        • Part of subcall function 00F9C690: InterlockedIncrement.KERNEL32 ref: 00F9C6B7
                                                                                                        • Part of subcall function 00F9C690: GetWindowTextLengthA.USER32(00000000), ref: 00F9C6D1
                                                                                                        • Part of subcall function 00F9C690: GetWindowTextA.USER32(00000000,?,00000001), ref: 00F9C70E
                                                                                                        • Part of subcall function 00F623F0: RegCloseKey.ADVAPI32(?,?,?,?,00000000,000F003F,?,00000000,?,75A88FB0,00000000,00000000), ref: 00F62484
                                                                                                        • Part of subcall function 00F61250: InterlockedDecrement.KERNEL32(00000000), ref: 00F6126F
                                                                                                        • Part of subcall function 00F61250: InterlockedIncrement.KERNEL32(00000000), ref: 00F6127E
                                                                                                        • Part of subcall function 00F61250: InterlockedIncrement.KERNEL32(00000000), ref: 00F612A0
                                                                                                        • Part of subcall function 00F61250: InterlockedDecrement.KERNEL32(00000000), ref: 00F612AF
                                                                                                      • GetDlgItem.USER32(?,000003FF), ref: 00F665AC
                                                                                                      • GetDlgItem.USER32(?,000003FF), ref: 00F665F2
                                                                                                      • EnableWindow.USER32(00000000), ref: 00F665F5
                                                                                                      • GetDlgItem.USER32(?,0000040B), ref: 00F6660D
                                                                                                      • SendMessageA.USER32(00000000), ref: 00F66610
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F66651
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F66664
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrementItem$Window$ButtonCheckedCloseText$EnableLengthMessageSendValue
                                                                                                      • String ID:
                                                                                                      • API String ID: 1400049808-0
                                                                                                      • Opcode ID: f542d0da070e4f388c82c9a2fd3d11c36d4dcb4ad2535c028ea23924613afabc
                                                                                                      • Instruction ID: 0128e714c0ae5056157687dedbe8df5be12bb63dbbe752773de88b6ba88d7d78
                                                                                                      • Opcode Fuzzy Hash: f542d0da070e4f388c82c9a2fd3d11c36d4dcb4ad2535c028ea23924613afabc
                                                                                                      • Instruction Fuzzy Hash: 8C419D766407096BD720EF28DC85AAB77ACEF84700F00852AFD45DB281DB39EE0597A1
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F633AB
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F633BA
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F63453
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F63462
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F634A2
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F634B1
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F634D9
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F634E8
                                                                                                      • DeleteCriticalSection.KERNEL32(?,?,?,?,?,00F6362B,?,000007D0,000007D0), ref: 00F6353E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalDeleteSection
                                                                                                      • String ID:
                                                                                                      • API String ID: 3749696267-0
                                                                                                      • Opcode ID: f5eaa68aa8ac3a5fe90a9ecb388a0f8524c6aa75c086437beb2d24baa6a451a4
                                                                                                      • Instruction ID: 208b14996aea6d303fb5716619c14f25209a6d3dbf115aa7143e6f271608a777
                                                                                                      • Opcode Fuzzy Hash: f5eaa68aa8ac3a5fe90a9ecb388a0f8524c6aa75c086437beb2d24baa6a451a4
                                                                                                      • Instruction Fuzzy Hash: A84153728105108BCB22AF15CCC17D9B365EF90310F1D85B2ED48DF11ADF79AE41ABA1
                                                                                                      APIs
                                                                                                      • DestroyWindow.USER32(?,00000000,7591E7E0,?,?,?,?,?,?,?), ref: 00FA51E6
                                                                                                      • SetMenu.USER32(?,00000000), ref: 00FA51F9
                                                                                                      • SetWindowLongA.USER32(?,000000EC,00000080), ref: 00FA5213
                                                                                                      • SetWindowLongA.USER32(?,000000F0,94000000), ref: 00FA5220
                                                                                                      • GetWindowRect.USER32(?,?), ref: 00FA5242
                                                                                                      • GetSystemMetrics.USER32(00000001), ref: 00FA5265
                                                                                                      • GetSystemMetrics.USER32(00000000), ref: 00FA526B
                                                                                                      • GetWindowRect.USER32(?,?), ref: 00FA52B2
                                                                                                      • SetWindowPos.USER32(?,7591E7E0,7591E7E0,7591E7E0,7591E7E0,7591E7E0,00000000,?,?,?,?,?,?), ref: 00FA52D7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$LongMetricsRectSystem$DestroyMenu
                                                                                                      • String ID:
                                                                                                      • API String ID: 3909518371-0
                                                                                                      • Opcode ID: fdbd90c39f7ec531aa70e1c5fac8d1e7d272768f904ec1e29248dbde09274f56
                                                                                                      • Instruction ID: bca9847f4106ec1fc9882256e52ee7bd8d202ddcbb2fdf60595c55a714dc15c1
                                                                                                      • Opcode Fuzzy Hash: fdbd90c39f7ec531aa70e1c5fac8d1e7d272768f904ec1e29248dbde09274f56
                                                                                                      • Instruction Fuzzy Hash: 9C311EB16087059FD310DF69D844A1BFBE9FF88710F548A1EF59193240DB78E9098BA5
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F9D0E0: WaitForSingleObject.KERNEL32(?), ref: 00F9D114
                                                                                                        • Part of subcall function 00F9D0E0: TerminateThread.KERNEL32(?,00000000), ref: 00F9D12A
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F62DF6
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F62E05
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F62E24
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F62E33
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F62E52
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F62E61
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F62E80
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F62E8F
                                                                                                      • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00F62EBB
                                                                                                        • Part of subcall function 00F7EFF0: InterlockedDecrement.KERNEL32(?), ref: 00F7F01B
                                                                                                        • Part of subcall function 00F7EFF0: InterlockedIncrement.KERNEL32(?), ref: 00F7F02A
                                                                                                        • Part of subcall function 00F7EFF0: InterlockedDecrement.KERNEL32(010C7098), ref: 00F7F051
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$Decrement$Increment$CriticalSection$DeleteEnterObjectSingleTerminateThreadWait
                                                                                                      • String ID:
                                                                                                      • API String ID: 3449615987-0
                                                                                                      • Opcode ID: ddb81b897900018a398ea966b4f4001eeb9bf2f81c68c8f4527c377326313aa9
                                                                                                      • Instruction ID: 55cdc0bb9326b21d4f78090b5d31b7e0161daaaf3346873f097a2e4aa2aaf749
                                                                                                      • Opcode Fuzzy Hash: ddb81b897900018a398ea966b4f4001eeb9bf2f81c68c8f4527c377326313aa9
                                                                                                      • Instruction Fuzzy Hash: E43185B3811D16ABC6B56F15DC856AAB724FF20320B65413AE440A3D01CB3EFD64BBE5
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FEBA10: _fseek.LIBCMT ref: 00FEBA58
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00FB00F2
                                                                                                        • Part of subcall function 00FBF460: EnterCriticalSection.KERNEL32(010BF268,?,00000000,?,00F9C1BC,?,?,?,00000000,?,00F9C53F,?,?,00000000,?,00000001), ref: 00FBF476
                                                                                                        • Part of subcall function 00FBF460: _malloc.LIBCMT ref: 00FBF4CB
                                                                                                        • Part of subcall function 00FBF460: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF4E3
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00FB0129
                                                                                                      • _swscanf.LIBCMT ref: 00FB029F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalIncrementInterlockedSection$EnterLeave_fseek_malloc_swscanf
                                                                                                      • String ID: Collision found! (layer/object names must be unique)$Shadows need 4 arguments$g$j
                                                                                                      • API String ID: 2318915004-877443408
                                                                                                      • Opcode ID: 728df2344c920bd248f96c89174a8ea94a05e106b1080cd6c4e42801e6a7867f
                                                                                                      • Instruction ID: 48ce02a0531fa0076361e9a063b150961b2db5c709e8c01c1c496a9d15cb78cd
                                                                                                      • Opcode Fuzzy Hash: 728df2344c920bd248f96c89174a8ea94a05e106b1080cd6c4e42801e6a7867f
                                                                                                      • Instruction Fuzzy Hash: 2961F4B2A04201DBD714EF29DD45AAB73E4EF84714F444968F849C7242EE38ED04EF52
                                                                                                      APIs
                                                                                                      • _strncmp.LIBCMT ref: 00FD6E8B
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00FD6E9C
                                                                                                      • EnterCriticalSection.KERNEL32(00000010), ref: 00FD6ECC
                                                                                                      • LeaveCriticalSection.KERNEL32(00000010), ref: 00FD6EE6
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FD6F21
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FD6F34
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$CriticalIncrementSection$DecrementEnterLeave_strncmp
                                                                                                      • String ID: http
                                                                                                      • API String ID: 756638862-2541227442
                                                                                                      • Opcode ID: 63f68d34c1d3203278460cca045f5cae7ca29e9f0a70c8a07d9eab91aebd7b65
                                                                                                      • Instruction ID: f1863d9568958621f07262ffdf3feb3038f3ebdfc2b643330b3c7fa2b0401e41
                                                                                                      • Opcode Fuzzy Hash: 63f68d34c1d3203278460cca045f5cae7ca29e9f0a70c8a07d9eab91aebd7b65
                                                                                                      • Instruction Fuzzy Hash: 53310133B046044BC7209B6EDC8576AF3DAEB85720F2C0A6BF849D7305EA6ADD049795
                                                                                                      APIs
                                                                                                      • __wsplitpath.LIBCMT ref: 00FA8E84
                                                                                                        • Part of subcall function 0100055C: __splitpath_helper.LIBCMT ref: 0100059E
                                                                                                        • Part of subcall function 00FA7920: GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe,00000104,?,00000000,?,00000000), ref: 00FA7972
                                                                                                        • Part of subcall function 00FA7920: __wsplitpath.LIBCMT ref: 00FA79C7
                                                                                                      • __makepath_s.LIBCMT ref: 00FA8EC1
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FA8F19
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FA8F80
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FA8F93
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FA8F2C
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement__wsplitpath$CriticalEnterFileModuleNameSection__makepath_s__splitpath_helper
                                                                                                      • String ID: WindowsApps
                                                                                                      • API String ID: 3019241518-2469476244
                                                                                                      • Opcode ID: 29fa2faabf731fd16245e5941bdc3095373b86b5bf30af8248ebca21b63c8c14
                                                                                                      • Instruction ID: eb6031394f13305b4336ac96f5517ae246fb57925f6778b78972cb9d0857ab59
                                                                                                      • Opcode Fuzzy Hash: 29fa2faabf731fd16245e5941bdc3095373b86b5bf30af8248ebca21b63c8c14
                                                                                                      • Instruction Fuzzy Hash: 3B4106B24083416FC335EB64DC85AEFB3E9AF99310F44492EF19983041EB38E60D9B56
                                                                                                      APIs
                                                                                                      • _memset.LIBCMT ref: 00FA4A75
                                                                                                      • lstrcpynA.KERNEL32(?,0102B498,000000FF), ref: 00FA4B30
                                                                                                      • lstrcpynA.KERNEL32(?,0102B498,0000003F), ref: 00FA4B51
                                                                                                      • lstrcpynA.KERNEL32(?,0102B498,00000040), ref: 00FA4B6E
                                                                                                      • Shell_NotifyIconA.SHELL32(00000000,000001E8), ref: 00FA4B90
                                                                                                      • RegisterWindowMessageA.USER32(TaskbarCreated), ref: 00FA4BB2
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrcpyn$IconMessageNotifyRegisterShell_Window_memset
                                                                                                      • String ID: TaskbarCreated
                                                                                                      • API String ID: 443059939-2362178303
                                                                                                      • Opcode ID: 0206f5462bf2aaae1bb523c8bbfcfa62632c32f4609d8c9e2b155410bb5b1561
                                                                                                      • Instruction ID: 0bcc5c0f6298b602203b9073c565e4e75af8ff1e39dd5f662d6a397f61e22d83
                                                                                                      • Opcode Fuzzy Hash: 0206f5462bf2aaae1bb523c8bbfcfa62632c32f4609d8c9e2b155410bb5b1561
                                                                                                      • Instruction Fuzzy Hash: E241AEF1A447419BE321CF24C8457ABB7E8BFD6750F08882DE1A587291D7B8F804DB61
                                                                                                      APIs
                                                                                                      • lstrcmpiA.KERNEL32(?,Delete), ref: 00FC5188
                                                                                                      • lstrcmpiA.KERNEL32(?,ForceRemove), ref: 00FC5197
                                                                                                      • CharNextA.USER32(?,?), ref: 00FC51E6
                                                                                                      • lstrlenA.KERNEL32(?,?,?,?), ref: 00FC525F
                                                                                                      • lstrcmpiA.KERNEL32(?,NoRemove), ref: 00FC52C1
                                                                                                      • lstrcmpiA.KERNEL32(?,Val), ref: 00FC52EB
                                                                                                      • RegCloseKey.ADVAPI32(0000007B,?,?,?,00000000,00FC50E5,?,00000000,00000000,00000000), ref: 00FC5750
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrcmpi$CharCloseNextlstrlen
                                                                                                      • String ID: Delete$ForceRemove
                                                                                                      • API String ID: 1946953807-3704084903
                                                                                                      • Opcode ID: 9e235d3782de7d3bcd4bdca06ebf772165703daf823e6dbfae68890e6aa465c0
                                                                                                      • Instruction ID: c5407c50733fea25db4ff4fc9f0fafa0e53c8db578b09306da85c15604ca8bf0
                                                                                                      • Opcode Fuzzy Hash: 9e235d3782de7d3bcd4bdca06ebf772165703daf823e6dbfae68890e6aa465c0
                                                                                                      • Instruction Fuzzy Hash: 6A310571908B0B8FC7209F699D52F5BB7E9AF84B50F48041DF98593201DB78FC84AB96
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F63F90: _strncmp.LIBCMT ref: 00F63FCA
                                                                                                        • Part of subcall function 00F63F20: InterlockedIncrement.KERNEL32(?), ref: 00F63F46
                                                                                                        • Part of subcall function 00F63F20: InterlockedDecrement.KERNEL32(?), ref: 00F63F5B
                                                                                                        • Part of subcall function 00F63F20: InterlockedDecrement.KERNEL32(?), ref: 00F63F5E
                                                                                                        • Part of subcall function 00F63F20: InterlockedIncrement.KERNEL32(?), ref: 00F63F6D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F951CF
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F951E4
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F951E7
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F951F6
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalEnterSection_strncmp
                                                                                                      • String ID: True$state$true
                                                                                                      • API String ID: 668252347-4258242919
                                                                                                      • Opcode ID: 5b0fb12c96ed5352dc7d0d48488579ffc8664168a0b192040976f5a853de1857
                                                                                                      • Instruction ID: 7648411eb32cc0645ee5155922442379996cf1764c0df2f720a59a4be3d4dedc
                                                                                                      • Opcode Fuzzy Hash: 5b0fb12c96ed5352dc7d0d48488579ffc8664168a0b192040976f5a853de1857
                                                                                                      • Instruction Fuzzy Hash: B4317D72D046115AEF26AB30DC82BFF3354AF91720F484529F985D7001EB3EE90EA791
                                                                                                      APIs
                                                                                                      • lstrcmpiA.KERNEL32(?,Delete), ref: 00FC5188
                                                                                                      • lstrcmpiA.KERNEL32(?,ForceRemove), ref: 00FC5197
                                                                                                      • CharNextA.USER32(?,?), ref: 00FC51E6
                                                                                                      • lstrlenA.KERNEL32(?,?,?,?), ref: 00FC525F
                                                                                                      • lstrcmpiA.KERNEL32(?,NoRemove), ref: 00FC52C1
                                                                                                      • lstrcmpiA.KERNEL32(?,Val), ref: 00FC52EB
                                                                                                      • RegCloseKey.ADVAPI32(0000007B,?,?,?,00000000,00FC50E5,?,00000000,00000000,00000000), ref: 00FC5750
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrcmpi$CharCloseNextlstrlen
                                                                                                      • String ID: Delete$ForceRemove
                                                                                                      • API String ID: 1946953807-3704084903
                                                                                                      • Opcode ID: 63e31a459e2611a6993d80aab6334914212b326bb1cc85f0fe0415bd763847be
                                                                                                      • Instruction ID: 1baf652fe4672bee64e0bc02ecccf74c5aaf8cbb66115b5419aad756945b85b5
                                                                                                      • Opcode Fuzzy Hash: 63e31a459e2611a6993d80aab6334914212b326bb1cc85f0fe0415bd763847be
                                                                                                      • Instruction Fuzzy Hash: 13312771908B0B8FC3209E699D52F5BB7E8AF84B50F48041DF58593201DB78FC84AB96
                                                                                                      APIs
                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 00FBC191
                                                                                                      • CoInitializeEx.OLE32(00000000,00000000), ref: 00FBC19D
                                                                                                      • CoCreateInstance.OLE32(0101AA08,00000000,00000001,0101A938,00000000), ref: 00FBC1D5
                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 00FBC1E4
                                                                                                      • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000004,00000003,00000000,00000000), ref: 00FBC257
                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 00FBC26A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: String$Free$AllocBlanketCreateInitializeInstanceProxy
                                                                                                      • String ID: root\wmi
                                                                                                      • API String ID: 2222811950-922848465
                                                                                                      • Opcode ID: 9fe4815692b2b1e6a57c859bc0460a3e85eaff1bf80cd16beea7fb3151163d69
                                                                                                      • Instruction ID: 1050fcadf3e56ed78df8d4ed1918be8de77e82e0b148358303d694c14a0bcddb
                                                                                                      • Opcode Fuzzy Hash: 9fe4815692b2b1e6a57c859bc0460a3e85eaff1bf80cd16beea7fb3151163d69
                                                                                                      • Instruction Fuzzy Hash: AB31C071B00341AFE320DEA6DC44FAB77A8AF84B14F084419FA45EB280D379DD09CBA5
                                                                                                      APIs
                                                                                                      • __wsplitpath.LIBCMT ref: 00FCAC9B
                                                                                                        • Part of subcall function 0100055C: __splitpath_helper.LIBCMT ref: 0100059E
                                                                                                        • Part of subcall function 00FBFBE0: _strcpy_s.LIBCMT ref: 00FBFBEE
                                                                                                        • Part of subcall function 00FBFBE0: _strcat_s.LIBCMT ref: 00FBFC15
                                                                                                        • Part of subcall function 00FBFBE0: _strcat_s.LIBCMT ref: 00FBFC24
                                                                                                        • Part of subcall function 00FB5560: InterlockedDecrement.KERNEL32(00000000), ref: 00FB55BC
                                                                                                        • Part of subcall function 00FB5560: InterlockedIncrement.KERNEL32(00000000), ref: 00FB55CF
                                                                                                        • Part of subcall function 00FB5560: RegCreateKeyExA.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,?,00000000,00000000,00F6251A), ref: 00FB55F6
                                                                                                      • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000004,?,00000004), ref: 00FCACEE
                                                                                                      • CoInitializeEx.OLE32(00000000,0000000A), ref: 00FCACFF
                                                                                                      • DisableThreadLibraryCalls.KERNEL32(00000000), ref: 00FCAD50
                                                                                                        • Part of subcall function 00FC5E50: CoRegisterClassObject.OLE32(?,80000001,00000004,00000005,00000014,?,?,00FCAD5B), ref: 00FC5EA5
                                                                                                      • CoResumeClassObjects.OLE32 ref: 00FCAD5B
                                                                                                        • Part of subcall function 00F63870: InterlockedDecrement.KERNEL32(?), ref: 00F6387F
                                                                                                        • Part of subcall function 00F63870: InterlockedIncrement.KERNEL32(?), ref: 00F63892
                                                                                                        • Part of subcall function 00FB54E0: RegCloseKey.KERNEL32(00000000,00F6261A), ref: 00FB54F2
                                                                                                        • Part of subcall function 00FB54E0: InterlockedDecrement.KERNEL32(?), ref: 00FB5507
                                                                                                        • Part of subcall function 00FB54E0: InterlockedIncrement.KERNEL32(?), ref: 00FB551A
                                                                                                      Strings
                                                                                                      • C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe, xrefs: 00FCAC63
                                                                                                      • Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION, xrefs: 00FCACB1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$Class_strcat_s$CallsCloseCreateDisableInitializeLibraryObjectObjectsRegisterResumeThreadValue__splitpath_helper__wsplitpath_strcpy_s
                                                                                                      • String ID: C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe$Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
                                                                                                      • API String ID: 1656623127-299242783
                                                                                                      • Opcode ID: f47f0039e1113e20c77cb94fd4ac984b1fb090cd654a55459827cdb3ceb0cebe
                                                                                                      • Instruction ID: 9b9e5a4eabd98c769882a76ee0efc4f519a8e81da265c3e33aa9e2ea08136a2c
                                                                                                      • Opcode Fuzzy Hash: f47f0039e1113e20c77cb94fd4ac984b1fb090cd654a55459827cdb3ceb0cebe
                                                                                                      • Instruction Fuzzy Hash: CF3181B26083419FD320EF65DD92A9FB7E4FB98705F80492DF18993141D638AA48DF92
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F7E810: InterlockedIncrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E879
                                                                                                        • Part of subcall function 00F7E810: InterlockedDecrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E888
                                                                                                        • Part of subcall function 00F7E810: InterlockedIncrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E899
                                                                                                        • Part of subcall function 00F7E810: InterlockedDecrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E8A8
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7CFA7
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7CFB6
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7D00E
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7D01D
                                                                                                      Strings
                                                                                                      • Software\Microsoft\Windows\CurrentVersion\Uninstall\Flux, xrefs: 00F7CF7F
                                                                                                      • DisplayVersion, xrefs: 00F7CF7A
                                                                                                      • %d.%d, xrefs: 00F7CFE3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: %d.%d$DisplayVersion$Software\Microsoft\Windows\CurrentVersion\Uninstall\Flux
                                                                                                      • API String ID: 2172605799-310930106
                                                                                                      • Opcode ID: b7f0c919827d6ef2f6fbb41fb8291eea1f69a0323c9be87f1f107449a7a40dcb
                                                                                                      • Instruction ID: e519753d68291bbaed487d1571562368a46d6dfe9ca69064cba7a476bfeda467
                                                                                                      • Opcode Fuzzy Hash: b7f0c919827d6ef2f6fbb41fb8291eea1f69a0323c9be87f1f107449a7a40dcb
                                                                                                      • Instruction Fuzzy Hash: 2C21C7735047155BD220EE65DC02ADF73A8EF90764F40892EF888D3141EB38EA0A97E3
                                                                                                      APIs
                                                                                                      • _memset.LIBCMT ref: 00FA886B
                                                                                                      • GetVersionExA.KERNEL32 ref: 00FA8880
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FA88C4
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FA88D9
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FA88DC
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FA88EB
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$Version_memset
                                                                                                      • String ID: %d.%d
                                                                                                      • API String ID: 566919779-3954714993
                                                                                                      • Opcode ID: 1b66e99077209b6e5acf671f648670cb2895c6385cedfd54c81a39748b605608
                                                                                                      • Instruction ID: c28382be2fc1a4ae79065f5f93645a7aaf51ae7a2403f87fe0f63b280409678f
                                                                                                      • Opcode Fuzzy Hash: 1b66e99077209b6e5acf671f648670cb2895c6385cedfd54c81a39748b605608
                                                                                                      • Instruction Fuzzy Hash: 7311B1B26057415BD320EB14DC41BAF7798FF8A340F804429F98497141DF7CDA0A9BA7
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseExecuteHandleObjectShellSingleWait_memset
                                                                                                      • String ID: <$@$C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe
                                                                                                      • API String ID: 280121497-1323185684
                                                                                                      • Opcode ID: 4715845b210da7ee0a1777d8c8430dbca230a1cee75ac375e6a1342f839365b2
                                                                                                      • Instruction ID: c7d0b5a5b02e2fd23cba21b0bffc29f1341a5ba385b97670d3a18aa5f634708a
                                                                                                      • Opcode Fuzzy Hash: 4715845b210da7ee0a1777d8c8430dbca230a1cee75ac375e6a1342f839365b2
                                                                                                      • Instruction Fuzzy Hash: 6DF019B0508341ABE350DF54D949B0BBBE5AF84754F44890DF5D8972A0D7B9C648CB92
                                                                                                      APIs
                                                                                                      • CoCreateInstance.OLE32(01031C24,00000000,00000001,01031BD4,?,?,?,?), ref: 00FC6BF5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateInstance
                                                                                                      • String ID:
                                                                                                      • API String ID: 542301482-0
                                                                                                      • Opcode ID: 9a44297ba7e581eaaf2f0104721bc520e959aab0a00939ecf138a1b37e0986b8
                                                                                                      • Instruction ID: 2eaf55906bc0423eb1470e7358f451be14fb5fbda7241d40ef9aecd46b527aa0
                                                                                                      • Opcode Fuzzy Hash: 9a44297ba7e581eaaf2f0104721bc520e959aab0a00939ecf138a1b37e0986b8
                                                                                                      • Instruction Fuzzy Hash: E9610335B083429BD730DB19DD42FBAB3E4EF88315F80881EF5C9C6280EB7999459752
                                                                                                      APIs
                                                                                                      • SysAllocString.OLEAUT32(?), ref: 00FC87EC
                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 00FC881E
                                                                                                      • SysStringLen.OLEAUT32(?), ref: 00FC882F
                                                                                                      • SysStringLen.OLEAUT32(?), ref: 00FC883A
                                                                                                      • CoTaskMemAlloc.OLE32(00000002), ref: 00FC8841
                                                                                                      • SysFreeString.OLEAUT32(?), ref: 00FC8853
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: String$AllocFree$Task
                                                                                                      • String ID:
                                                                                                      • API String ID: 1511711959-0
                                                                                                      • Opcode ID: 58bb2282cf5be9dc8ef3864d4b976475007dbd7cb8690f0cf45b0b373f63ef4d
                                                                                                      • Instruction ID: b393c8fcf62382531a3a55f0f018a511f7745bde721b16e1f5309b50eb2ac895
                                                                                                      • Opcode Fuzzy Hash: 58bb2282cf5be9dc8ef3864d4b976475007dbd7cb8690f0cf45b0b373f63ef4d
                                                                                                      • Instruction Fuzzy Hash: CC21B5736052155BC3119A58AC80E6BB3ECFFC8764F04852EF984D7245CB79DD029BE1
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F626E3
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F626F2
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F62711
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F62720
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6273F
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6274E
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6276D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6277C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-0
                                                                                                      • Opcode ID: a6a36450bd720182b518ee41d25950fd04b1aefd94411c8f544d6b269c95f92b
                                                                                                      • Instruction ID: e4fecdf6e168d080ba960edd520233db34ebaa0bc2e08c54137838abad18d7e6
                                                                                                      • Opcode Fuzzy Hash: a6a36450bd720182b518ee41d25950fd04b1aefd94411c8f544d6b269c95f92b
                                                                                                      • Instruction Fuzzy Hash: 9F215EB3911E26ABCAB56F14DCC4AA9F324FF01321B158666D450E3900CB2DEE94BBD5
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F94F83
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F94F92
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F94FB5
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F94FC4
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F94FE7
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F94FF6
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F95018
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F95027
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-0
                                                                                                      • Opcode ID: bfc9046f270881d60b08fc4d6f302f772cdb4c09d5002a55f4880a95abedb80b
                                                                                                      • Instruction ID: 49ba789f185cb30c91a99b52f3557ba3a1f324c81edae4774981067356c4e1b4
                                                                                                      • Opcode Fuzzy Hash: bfc9046f270881d60b08fc4d6f302f772cdb4c09d5002a55f4880a95abedb80b
                                                                                                      • Instruction Fuzzy Hash: 02216D729119235BFB325B11CC44B9AB318FF50724F158121E814E7554DB3CED66ABE4
                                                                                                      APIs
                                                                                                      • GetWindowThreadProcessId.USER32(00000000,00F7E171), ref: 00FA711A
                                                                                                      • PostMessageA.USER32(00000000,00000010,00000000,00000000), ref: 00FA7127
                                                                                                      • Sleep.KERNEL32(000007D0), ref: 00FA7132
                                                                                                      • IsWindow.USER32(00000000), ref: 00FA7139
                                                                                                      • OpenProcess.KERNEL32(00000411,00000000,00F7E171), ref: 00FA714F
                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000), ref: 00FA715E
                                                                                                      • WaitForSingleObject.KERNEL32(00000000,00002710), ref: 00FA716A
                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00FA7171
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Process$Window$CloseHandleMessageObjectOpenPostSingleSleepTerminateThreadWait
                                                                                                      • String ID:
                                                                                                      • API String ID: 1140271240-0
                                                                                                      • Opcode ID: e424cda2aa0a806117a6e4a255e0d1b18857ea3c2498aca699586bdd2fabf74a
                                                                                                      • Instruction ID: b9cb924cfcabe27e71314bf9d1b8e60ae79698c626b9baa284163a3a9ad69607
                                                                                                      • Opcode Fuzzy Hash: e424cda2aa0a806117a6e4a255e0d1b18857ea3c2498aca699586bdd2fabf74a
                                                                                                      • Instruction Fuzzy Hash: FDF05472641620BBE2321BA09C0DFDF37AC9F09B11F148116F786E50C4CBAD5B018BAA
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FEBA10: _fseek.LIBCMT ref: 00FEBA58
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00FB031C
                                                                                                        • Part of subcall function 00FBF460: EnterCriticalSection.KERNEL32(010BF268,?,00000000,?,00F9C1BC,?,?,?,00000000,?,00F9C53F,?,?,00000000,?,00000001), ref: 00FBF476
                                                                                                        • Part of subcall function 00FBF460: _malloc.LIBCMT ref: 00FBF4CB
                                                                                                        • Part of subcall function 00FBF460: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF4E3
                                                                                                        • Part of subcall function 00F61220: InterlockedIncrement.KERNEL32(?), ref: 00F6122A
                                                                                                        • Part of subcall function 00F61220: InterlockedDecrement.KERNEL32(?), ref: 00F6123D
                                                                                                        • Part of subcall function 00FBDD00: InterlockedDecrement.KERNEL32(?), ref: 00FBDDE3
                                                                                                        • Part of subcall function 00FBDD00: InterlockedIncrement.KERNEL32(?), ref: 00FBDDF6
                                                                                                        • Part of subcall function 00FAEA60: wsprintfA.USER32 ref: 00FAEA8B
                                                                                                        • Part of subcall function 00FAEA60: IsWindow.USER32(00000000), ref: 00FAEAB3
                                                                                                        • Part of subcall function 00FAEA60: IsWindowVisible.USER32(00000000), ref: 00FAEAC4
                                                                                                        • Part of subcall function 00FAEA60: MessageBoxA.USER32(00000000,?,Error,00000010), ref: 00FAEAEA
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00FB037F
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00FB03FA
                                                                                                      Strings
                                                                                                      • Collision found! (layer/object names must be unique), xrefs: 00FB146F
                                                                                                      • Statics must have one argument (contents), xrefs: 00FB0452, 00FB0471
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$Increment$CriticalDecrementSectionWindow$EnterLeaveMessageVisible_fseek_mallocwsprintf
                                                                                                      • String ID: Collision found! (layer/object names must be unique)$Statics must have one argument (contents)
                                                                                                      • API String ID: 462696576-1739894147
                                                                                                      • Opcode ID: d80cad253dfbcbd3564e97deaa88291573ad55e6f3dff891cadda89969caf097
                                                                                                      • Instruction ID: 7f0459833521c143387e381d7e3fdc9d64d7ce87ab63e5ec0ea0f67a702d0141
                                                                                                      • Opcode Fuzzy Hash: d80cad253dfbcbd3564e97deaa88291573ad55e6f3dff891cadda89969caf097
                                                                                                      • Instruction Fuzzy Hash: 2881D272A043048BC710EF6AC8516EFB3E0AFC8724F18462DF95997241EF39D945DB92
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                      • String ID:
                                                                                                      • API String ID: 3886058894-0
                                                                                                      • Opcode ID: c0e60742b683170cf214b42ed8337bbb03779c5183392bea5bdaa86e8c06ea7e
                                                                                                      • Instruction ID: 9132c7c46813462d85eee5909ec2f2b0bbbb5e1a18a9b368574565c0e8faae06
                                                                                                      • Opcode Fuzzy Hash: c0e60742b683170cf214b42ed8337bbb03779c5183392bea5bdaa86e8c06ea7e
                                                                                                      • Instruction Fuzzy Hash: 2651B532D0020DEBDB21AF658C445BEBBB5EF90360F148629EA65921F0D7709E51EB60
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FFD99F: _malloc.LIBCMT ref: 00FFD9B9
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FC0552
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FC0565
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement_malloc
                                                                                                      • String ID: Calibri$res\scroll.psd
                                                                                                      • API String ID: 1646228547-4053170713
                                                                                                      • Opcode ID: 7862165c777411721f292d9615d327801986377a92181aa8d30558262be4b27d
                                                                                                      • Instruction ID: 1958f86830bc1864619c446ea029991ffea69595e29a6cec642c2e0a3745dfbb
                                                                                                      • Opcode Fuzzy Hash: 7862165c777411721f292d9615d327801986377a92181aa8d30558262be4b27d
                                                                                                      • Instruction Fuzzy Hash: 928180B18143859FD731DF25CC45B9BBBE8BF85700F044A1EF9888B241DBB59608DB92
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FD86F0: _memset.LIBCMT ref: 00FD86FB
                                                                                                        • Part of subcall function 00FD86F0: _memset.LIBCMT ref: 00FD870B
                                                                                                        • Part of subcall function 00FD86F0: _memset.LIBCMT ref: 00FD871E
                                                                                                        • Part of subcall function 00FD86F0: _memset.LIBCMT ref: 00FD8731
                                                                                                        • Part of subcall function 00FD86F0: _memset.LIBCMT ref: 00FD8744
                                                                                                        • Part of subcall function 00FD86F0: _memset.LIBCMT ref: 00FD8757
                                                                                                        • Part of subcall function 00FD86F0: _memset.LIBCMT ref: 00FD876D
                                                                                                        • Part of subcall function 00FD87D0: InterlockedDecrement.KERNEL32(00000000), ref: 00FD8818
                                                                                                        • Part of subcall function 00FD87D0: InterlockedIncrement.KERNEL32(00000000), ref: 00FD882B
                                                                                                        • Part of subcall function 00FD87D0: InternetCrackUrlA.WININET(00000000,00000001,80000000,?), ref: 00FD8855
                                                                                                        • Part of subcall function 00F91770: InterlockedIncrement.KERNEL32(00000000), ref: 00F917F0
                                                                                                        • Part of subcall function 00F91770: InterlockedDecrement.KERNEL32(00000000), ref: 00F917FF
                                                                                                        • Part of subcall function 00F91770: InterlockedDecrement.KERNEL32(00000000), ref: 00F9181B
                                                                                                        • Part of subcall function 00F91770: InterlockedIncrement.KERNEL32(00000000), ref: 00F9182A
                                                                                                        • Part of subcall function 00F91770: InterlockedDecrement.KERNEL32(00000000), ref: 00F9183C
                                                                                                        • Part of subcall function 00F91770: InterlockedIncrement.KERNEL32(00000000), ref: 00F9184B
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F9251B
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F9252A
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F92549
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F92558
                                                                                                      • __wsplitpath.LIBCMT ref: 00F92662
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$_memset$DecrementIncrement$CrackCriticalEnterInternetSection__wsplitpath
                                                                                                      • String ID: media\%s
                                                                                                      • API String ID: 1291123476-935782114
                                                                                                      • Opcode ID: 4a6a8b917fc98572853ba9669fca430681141f000266bfae2157a87697ecba8b
                                                                                                      • Instruction ID: 4c49674a101ef61427cb24a4a7112517861e7e93e6c0b3e033987080c17cc6ba
                                                                                                      • Opcode Fuzzy Hash: 4a6a8b917fc98572853ba9669fca430681141f000266bfae2157a87697ecba8b
                                                                                                      • Instruction Fuzzy Hash: 6051F3725187419BE731DB28CC547EFB7E4BF85350F094A19F495C3181EB38DA08ABA2
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F8F040: InterlockedDecrement.KERNEL32(00000000), ref: 00F8F0A3
                                                                                                        • Part of subcall function 00F8F040: InterlockedIncrement.KERNEL32(00000000), ref: 00F8F0B2
                                                                                                        • Part of subcall function 00F8F040: InterlockedDecrement.KERNEL32(?), ref: 00F8F142
                                                                                                        • Part of subcall function 00F8F040: InterlockedIncrement.KERNEL32(?), ref: 00F8F151
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8F501
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8F510
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8F530
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8F53F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: Found YeeLight$Total lamps found: %d
                                                                                                      • API String ID: 2172605799-1896448979
                                                                                                      • Opcode ID: 3f712705ff047a264d590e62552d43c3c85ce174f982422ed490b99756578a5a
                                                                                                      • Instruction ID: c773286bb7619b2d21c6ea91e5233ca8377e8759aefa2b59deca43ad7453b0fc
                                                                                                      • Opcode Fuzzy Hash: 3f712705ff047a264d590e62552d43c3c85ce174f982422ed490b99756578a5a
                                                                                                      • Instruction Fuzzy Hash: C151AC729082428FCB20EF28C8C09AEBBE5BF84314F54493EE595D7241DB3AD94DDB52
                                                                                                      APIs
                                                                                                      • EnterCriticalSection.KERNEL32(010BF290,?,?,?,00000080,?,00FE7B99,00000080,?,?,?,?,?,?,00FBE1C6,00000000), ref: 00FE74D3
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FE750C
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FE751F
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FE755F
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FE7572
                                                                                                      • LeaveCriticalSection.KERNEL32(010BF290,?,00000080,?,00FE7B99,00000080,?,?,?,?,?,?,00FBE1C6,00000000,?,00000080), ref: 00FE75D4
                                                                                                      • LeaveCriticalSection.KERNEL32(010BF290,?,00000080,?,00FE7B99,00000080,?,?,?,?,?,?,00FBE1C6,00000000,?,00000080), ref: 00FE75F0
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalInterlockedSection$DecrementEnterIncrementLeave
                                                                                                      • String ID:
                                                                                                      • API String ID: 3342037012-0
                                                                                                      • Opcode ID: 08097a879053f12c6ddd9b3ad69a120691a65fb327ed2934ac322ec228b8ba4a
                                                                                                      • Instruction ID: 5c62c0f857ec4eb931139f746fc61d8759c7cb1a8f81f9a521776aa03d86965d
                                                                                                      • Opcode Fuzzy Hash: 08097a879053f12c6ddd9b3ad69a120691a65fb327ed2934ac322ec228b8ba4a
                                                                                                      • Instruction Fuzzy Hash: CD414E367087814FC335EB3AECC47A9B361FF45371B188226E5C1C7684DB2AD944AB50
                                                                                                      APIs
                                                                                                      • AdjustWindowRect.USER32(000000F8,00CF0000,00000000), ref: 00F80FB1
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00F80FF4
                                                                                                        • Part of subcall function 00FBF460: EnterCriticalSection.KERNEL32(010BF268,?,00000000,?,00F9C1BC,?,?,?,00000000,?,00F9C53F,?,?,00000000,?,00000001), ref: 00FBF476
                                                                                                        • Part of subcall function 00FBF460: _malloc.LIBCMT ref: 00FBF4CB
                                                                                                        • Part of subcall function 00FBF460: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF4E3
                                                                                                      • _memset.LIBCMT ref: 00F8100D
                                                                                                        • Part of subcall function 00FA44F0: InterlockedDecrement.KERNEL32(00000000), ref: 00FA45AB
                                                                                                        • Part of subcall function 00FA44F0: InterlockedIncrement.KERNEL32(00000000), ref: 00FA45BE
                                                                                                      • GetWindowRect.USER32(?,?), ref: 00F81092
                                                                                                      • SetWindowPos.USER32(?,000000FF,00000098,?,?,00000000,00000000), ref: 00F810B7
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InterlockedWindow$CriticalIncrementRectSection$AdjustDecrementEnterLeave_malloc_memset
                                                                                                      • String ID: About f.lux
                                                                                                      • API String ID: 277862840-3396771608
                                                                                                      • Opcode ID: 44e48349e2eeb69a38d8d16605573c026ea69a3e48ffe491babac971c11be442
                                                                                                      • Instruction ID: 11be4d472deec4eefdcb968327d368915763bc67fbf351aca4c0ca70a58606df
                                                                                                      • Opcode Fuzzy Hash: 44e48349e2eeb69a38d8d16605573c026ea69a3e48ffe491babac971c11be442
                                                                                                      • Instruction Fuzzy Hash: BF413B725043449FD310EFA9CC8086FBBE9FBC8714F044A1DF59993241DA78EE458BA1
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6C699
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6C6A8
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6C763
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6C772
                                                                                                        • Part of subcall function 00F61250: InterlockedDecrement.KERNEL32(00000000), ref: 00F6126F
                                                                                                        • Part of subcall function 00F61250: InterlockedIncrement.KERNEL32(00000000), ref: 00F6127E
                                                                                                        • Part of subcall function 00F61250: InterlockedIncrement.KERNEL32(00000000), ref: 00F612A0
                                                                                                        • Part of subcall function 00F61250: InterlockedDecrement.KERNEL32(00000000), ref: 00F612AF
                                                                                                      Strings
                                                                                                      • Light is making your body later., xrefs: 00F6C6CE
                                                                                                      • Light is making your body earlier., xrefs: 00F6C70A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: Light is making your body earlier.$Light is making your body later.
                                                                                                      • API String ID: 2172605799-353579548
                                                                                                      • Opcode ID: 7c2853c0b610638586c32af3368480b11477399edf1d412df06eb5d1f40c73ec
                                                                                                      • Instruction ID: 0bf2d9431b87e1988f8b54c57fe11fbbd68968d46c2297002f1e54423609e34c
                                                                                                      • Opcode Fuzzy Hash: 7c2853c0b610638586c32af3368480b11477399edf1d412df06eb5d1f40c73ec
                                                                                                      • Instruction Fuzzy Hash: F041BB325047445BC311EF21DC51AAF77E8BF85754F444A1AF8C8B7001EB2DA709ABD6
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FFD99F: _malloc.LIBCMT ref: 00FFD9B9
                                                                                                        • Part of subcall function 00FA49E0: GetClassInfoA.USER32(00000000,ytWindow,?), ref: 00FA49FC
                                                                                                        • Part of subcall function 00FA49E0: GetClassInfoA.USER32(00000000,ytDialog,?), ref: 00FA4A0E
                                                                                                        • Part of subcall function 00FA49E0: GetWindowLongA.USER32(?,000000FC), ref: 00FA4A1F
                                                                                                      • GetWindowLongA.USER32(00000000,000000EB), ref: 00FA4787
                                                                                                        • Part of subcall function 00FA4810: InterlockedDecrement.KERNEL32(8BD2FFCD), ref: 00FA4824
                                                                                                        • Part of subcall function 00FA4810: InterlockedIncrement.KERNEL32(8BD2FFCD), ref: 00FA4854
                                                                                                        • Part of subcall function 00FA4810: SetWindowLongA.USER32(57FC6A55,000000EB,00FA4799), ref: 00FA4861
                                                                                                      • GetWindowLongA.USER32(00000000,000000FC), ref: 00FA47B4
                                                                                                      • GetClassInfoA.USER32(00000000,ytWindow,?), ref: 00FA47CE
                                                                                                      • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 00FA47F3
                                                                                                      • SetWindowLongA.USER32(00000000,000000FC,?), ref: 00FA47F9
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: LongWindow$ClassInfo$Interlocked$DecrementIncrement_malloc
                                                                                                      • String ID: ytWindow
                                                                                                      • API String ID: 1493945487-4086365346
                                                                                                      • Opcode ID: edb627be0d62edcfaae6074a11057f0b7d19053ec20d94202ee4af1e3f32b56c
                                                                                                      • Instruction ID: f7b4b39992a6da6cad31b5411cf78edab0c1e9ca76b053706f4abcc71656bbf0
                                                                                                      • Opcode Fuzzy Hash: edb627be0d62edcfaae6074a11057f0b7d19053ec20d94202ee4af1e3f32b56c
                                                                                                      • Instruction Fuzzy Hash: 5F416BB4900B509FC3309F2AD8C0527FBE0FF4A724B904A2EE99A83B51C379B544DB55
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FAAA40: QueryPerformanceCounter.KERNEL32(00000000,?,?,?), ref: 00FAAA4D
                                                                                                        • Part of subcall function 00FAAA40: timeGetTime.WINMM(?,?,?), ref: 00FAAA92
                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 00FBEA7D
                                                                                                      • timeGetTime.WINMM ref: 00FBEA8D
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      • wsprintfA.USER32 ref: 00FBEAA6
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FBEAF2
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FBEB05
                                                                                                        • Part of subcall function 00FAA9D0: timeGetTime.WINMM(?,?,00FAA949,?,?,?), ref: 00FAA9D3
                                                                                                        • Part of subcall function 00FAA9D0: QueryPerformanceCounter.KERNEL32(00000000,?,?,00FAA949,?,?,?), ref: 00FAA9EC
                                                                                                        • Part of subcall function 00FAA9D0: QueryPerformanceFrequency.KERNEL32(00000000,?,?,00FAA949,?,?,?), ref: 00FAAA19
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: PerformanceQuery$CounterTimetime$Interlocked$CriticalDecrementEnterFrequencyIncrementSectionwsprintf
                                                                                                      • String ID: FPS: %dfps (%dms).
                                                                                                      • API String ID: 3285570564-624924060
                                                                                                      • Opcode ID: 74c95e942652c56dc680627444b5bcbda376a91e075131e053403c00eb066e30
                                                                                                      • Instruction ID: d1b467a7ae415f991ce428aba004735ae73fc72c6767824675db52a187646d19
                                                                                                      • Opcode Fuzzy Hash: 74c95e942652c56dc680627444b5bcbda376a91e075131e053403c00eb066e30
                                                                                                      • Instruction Fuzzy Hash: 2D3191716003418BC724EF24D885AEA77E8FF84310F05896DF896CB259DB3CD908DBA2
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F766F5
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F76704
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F76728
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F76737
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: This feature needs Windows Aero$f.lux needs you to use an Aero theme
                                                                                                      • API String ID: 2172605799-502656576
                                                                                                      • Opcode ID: e5a25a7ba206f54875b2b7980552e3586fb44d72a81fe921199e6259b79a21c1
                                                                                                      • Instruction ID: 17f09906257b91872a2e782aa39625f9c7b1297b826339c52635ce6fefe1897f
                                                                                                      • Opcode Fuzzy Hash: e5a25a7ba206f54875b2b7980552e3586fb44d72a81fe921199e6259b79a21c1
                                                                                                      • Instruction Fuzzy Hash: 4C21F5726046025FD714EE28DC84AAB77E8EBC4354F45897AF988C7101EE39DD0D97A2
                                                                                                      APIs
                                                                                                      • CreateDCA.GDI32(DISPLAY,?,00000000,00000000), ref: 00FBA12C
                                                                                                      • _memset.LIBCMT ref: 00FBA15D
                                                                                                      • DeleteDC.GDI32(00000000), ref: 00FBA190
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateDelete_memset
                                                                                                      • String ID: DISPLAY$H
                                                                                                      • API String ID: 426449957-423613333
                                                                                                      • Opcode ID: 5105ec8435f5912141423f8195a8c3cfbec4e193932157570063114c9e5075da
                                                                                                      • Instruction ID: 644e4a80bec79a4a808a6728b004e49f14b81cf55e04b499aa16d998013f7101
                                                                                                      • Opcode Fuzzy Hash: 5105ec8435f5912141423f8195a8c3cfbec4e193932157570063114c9e5075da
                                                                                                      • Instruction Fuzzy Hash: 2B31C472A043049BD760DB19D8457BBB3E5FBD4324F00852EE99683280DB79A844DFA3
                                                                                                      APIs
                                                                                                      • _memset.LIBCMT ref: 00F7E94C
                                                                                                      • __snprintf.LIBCMT ref: 00F7E969
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F7E9AC
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F7E9BF
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement__snprintf_memset
                                                                                                      • String ID: %s\%s$pollURLrate
                                                                                                      • API String ID: 867481810-3409146693
                                                                                                      • Opcode ID: d69fd425f655e10236db93c1314c37376897e83104d9ab323bf866e1a09cc7f3
                                                                                                      • Instruction ID: 5a1d16674709f4883532b71cc4f48db2eeac703c872cc4ea521f4ee55339f886
                                                                                                      • Opcode Fuzzy Hash: d69fd425f655e10236db93c1314c37376897e83104d9ab323bf866e1a09cc7f3
                                                                                                      • Instruction Fuzzy Hash: DD3183B25043059FD720DF14DC45BEBB7E9EF88704F00896EFA8897141D779EA088B96
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00FAEB32
                                                                                                        • Part of subcall function 00FBF460: EnterCriticalSection.KERNEL32(010BF268,?,00000000,?,00F9C1BC,?,?,?,00000000,?,00F9C53F,?,?,00000000,?,00000001), ref: 00FBF476
                                                                                                        • Part of subcall function 00FBF460: _malloc.LIBCMT ref: 00FBF4CB
                                                                                                        • Part of subcall function 00FBF460: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF4E3
                                                                                                      • __wsplitpath.LIBCMT ref: 00FAEBAF
                                                                                                      • __wsplitpath.LIBCMT ref: 00FAEC34
                                                                                                      • __makepath_s.LIBCMT ref: 00FAEC7C
                                                                                                        • Part of subcall function 00FADEC0: InitializeCriticalSection.KERNEL32(00FAEB5E,00000618,?,?,00000000,00FAEB4E,00000000), ref: 00FADEDA
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$__wsplitpath$EnterIncrementInitializeInterlockedLeave__makepath_s_malloc
                                                                                                      • String ID: res\$runtime\
                                                                                                      • API String ID: 830126055-1814509133
                                                                                                      • Opcode ID: 9cc95a9148da4010de281c03f2f6b63ab5a6d9447e9bc86aa90a3b873d2eb832
                                                                                                      • Instruction ID: 7f6079ed30d2ac5727d1813bc1b949da538ebc3413020595c179b54ecc1915cf
                                                                                                      • Opcode Fuzzy Hash: 9cc95a9148da4010de281c03f2f6b63ab5a6d9447e9bc86aa90a3b873d2eb832
                                                                                                      • Instruction Fuzzy Hash: FC3106B25893C4AED331EB6A8C91ADF7B989BE5600F84482EF1CA87142E535510CCF67
                                                                                                      APIs
                                                                                                      • GetForegroundWindow.USER32(?,?,00F7C011,?,?,?,00F9B051,?,00000000,00F7C011,?), ref: 00F64D96
                                                                                                      • GetSystemMetrics.USER32(0000004D), ref: 00F64DB5
                                                                                                      • GetSystemMetrics.USER32(0000004C), ref: 00F64DBB
                                                                                                      • GetSystemMetrics.USER32(0000004E), ref: 00F64DC7
                                                                                                      • GetSystemMetrics.USER32(0000004F), ref: 00F64DD5
                                                                                                      • __time64.LIBCMT ref: 00F64E20
                                                                                                      • GetLastInputInfo.USER32(?), ref: 00F64E4E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MetricsSystem$ForegroundInfoInputLastWindow__time64
                                                                                                      • String ID:
                                                                                                      • API String ID: 2481667644-0
                                                                                                      • Opcode ID: 7e77ace9540c5e15b5a9da2fceee136e9e8dac9f267d536437d68bbc07abf40c
                                                                                                      • Instruction ID: 292e415d2ab81deb9f244749e21faffe331de367c2e446ccc6bb003ecb8276fa
                                                                                                      • Opcode Fuzzy Hash: 7e77ace9540c5e15b5a9da2fceee136e9e8dac9f267d536437d68bbc07abf40c
                                                                                                      • Instruction Fuzzy Hash: 98315E71A007018FD734EF25D980A2BB7F1FF98714F008A1EE59A83A45D739F9888B65
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F63690: InternetCloseHandle.WININET(?), ref: 00F636A6
                                                                                                        • Part of subcall function 00F63690: InternetCloseHandle.WININET(?), ref: 00F636B0
                                                                                                        • Part of subcall function 00F63690: InternetCloseHandle.WININET(?), ref: 00F636BA
                                                                                                        • Part of subcall function 00F6E7D0: InterlockedIncrement.KERNEL32(010C7098), ref: 00F6E7F1
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6B4F4
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6B503
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6B527
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6B536
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$CloseHandleIncrementInternet$Decrement
                                                                                                      • String ID: Disconnected$f.lux is set to default settings
                                                                                                      • API String ID: 472913789-2839445789
                                                                                                      • Opcode ID: b53d2bd328f30737a29d60efda5569b1ca08dd88a0850a0a9969bb6cc2b4c28d
                                                                                                      • Instruction ID: e73b2ddac87bdad187c6704dc89fe7df28d5cce8cdeac0b5f05f3ea22854f979
                                                                                                      • Opcode Fuzzy Hash: b53d2bd328f30737a29d60efda5569b1ca08dd88a0850a0a9969bb6cc2b4c28d
                                                                                                      • Instruction Fuzzy Hash: C02102326042059BD720FB25DC41BAFB7E8EF80320F450629F984D3155EB39EE159BA2
                                                                                                      APIs
                                                                                                      • _malloc.LIBCMT ref: 00FF4163
                                                                                                        • Part of subcall function 00FFD17A: __FF_MSGBANNER.LIBCMT ref: 00FFD19D
                                                                                                        • Part of subcall function 00FFD17A: __NMSG_WRITE.LIBCMT ref: 00FFD1A4
                                                                                                        • Part of subcall function 00FFD17A: HeapAlloc.KERNEL32(00000000,?,00000001,00000000,00000000,?,010061D5,?,00000001,?,?,010021D1,00000018,0103EB20,0000000C,01002262), ref: 00FFD1F1
                                                                                                      • _getenv.LIBCMT ref: 00FF4204
                                                                                                      • _swscanf.LIBCMT ref: 00FF4225
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AllocHeap_getenv_malloc_swscanf
                                                                                                      • String ID: %ld%c$JPEGMEM$x
                                                                                                      • API String ID: 1040865567-3402169052
                                                                                                      • Opcode ID: 9d5caad2b0f8390fac6b1dca45c36969906220b4cb176cedd28ed69a3bd34ee8
                                                                                                      • Instruction ID: e98175c2c52c8a7938dc70909c545917e641e17bafeda5a42d2abd3af55594a3
                                                                                                      • Opcode Fuzzy Hash: 9d5caad2b0f8390fac6b1dca45c36969906220b4cb176cedd28ed69a3bd34ee8
                                                                                                      • Instruction Fuzzy Hash: 28314DB19057049FD320CF1AD984527FBE8FF90714B008A1EE29A8B761D3B4E649DF92
                                                                                                      APIs
                                                                                                      • FindMITargetTypeInstance.LIBCMT ref: 01012A20
                                                                                                        • Part of subcall function 0101276C: PMDtoOffset.LIBCMT ref: 010127FC
                                                                                                      • FindVITargetTypeInstance.LIBCMT ref: 01012A27
                                                                                                      • PMDtoOffset.LIBCMT ref: 01012A37
                                                                                                      • std::bad_exception::bad_exception.LIBCMT ref: 01012A5D
                                                                                                      • __CxxThrowException@8.LIBCMT ref: 01012A6B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FindInstanceOffsetTargetType$Exception@8Throwstd::bad_exception::bad_exception
                                                                                                      • String ID: Bad dynamic_cast!
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _memset
                                                                                                      • String ID:
                                                                                                      APIs
                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00FA493E
                                                                                                      • EnumThreadWindows.USER32(00000000), ref: 00FA4945
                                                                                                      • PostMessageA.USER32(?,00000010,00000000,00000000), ref: 00FA4958
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FA496B
                                                                                                      • IsWindow.USER32(?), ref: 00FA499A
                                                                                                      • SetWindowLongA.USER32(?,000000FC,?), ref: 00FA49B8
                                                                                                      • DestroyWindow.USER32(?), ref: 00FA49CF
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$Thread$CurrentDecrementDestroyEnumInterlockedLongMessagePostWindows
                                                                                                      • String ID:
                                                                                                      APIs
                                                                                                      • WaitForSingleObject.KERNEL32(?,00000000), ref: 00F84F3B
                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 00F84F6F
                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 00F84F94
                                                                                                      • SetEvent.KERNEL32(?), ref: 00F84F9E
                                                                                                      • _printf.LIBCMT ref: 00F84FB1
                                                                                                      Strings
                                                                                                      • ERROR: SampleCB() - buffer sizes do not match, xrefs: 00F84FAC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterEventLeaveObjectSingleWait_printf
                                                                                                      • String ID: ERROR: SampleCB() - buffer sizes do not match
                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000008,00000000,00000000,00F7D579), ref: 00F7D31B
                                                                                                      • GetProcAddress.KERNEL32(00000000,RegisterPowerSettingNotification), ref: 00F7D32D
                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00F7D33A
                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00F7D38C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Library$Free$AddressLoadProc
                                                                                                      • String ID: RegisterPowerSettingNotification$user32.dll
                                                                                                      • API String ID: 1386263645-3540317355
                                                                                                      • Opcode ID: 188c3eab6e600a38f5f796214878bf821cf8a10504a77e8444170b2298543690
                                                                                                      • Instruction ID: c5f2f35a116dd3328484a486fd50edb73a5b2057a7e760e67100c7f95fca208c
                                                                                                      • Opcode Fuzzy Hash: 188c3eab6e600a38f5f796214878bf821cf8a10504a77e8444170b2298543690
                                                                                                      • Instruction Fuzzy Hash: 58F04F71B8032536E17236B21CCAF7B1D2C9F81FB1F10810BFA85BC0C68ADC99016666
                                                                                                      APIs
                                                                                                      • CreateWellKnownSid.ADVAPI32 ref: 00FA8C95
                                                                                                      • CheckTokenMembership.ADVAPI32(?,00000000,?), ref: 00FA8CAE
                                                                                                      • GetLastError.KERNEL32 ref: 00FA8CBC
                                                                                                      • CloseHandle.KERNEL32(?), ref: 00FA8CCD
                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00FA8CED
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CheckCloseCreateErrorException@8HandleKnownLastMembershipThrowTokenWell
                                                                                                      • String ID: D
                                                                                                      • API String ID: 1601670237-2746444292
                                                                                                      • Opcode ID: 4f79a5775609874a221374323e2de1792904e9492803ce8ada58cff157be5527
                                                                                                      • Instruction ID: 5e5b855aabd45397ffacabf836f048ae62cb097bdab683a7f76f7c418c60cb0d
                                                                                                      • Opcode Fuzzy Hash: 4f79a5775609874a221374323e2de1792904e9492803ce8ada58cff157be5527
                                                                                                      • Instruction Fuzzy Hash: BB1182B56053129FD311DF60D945B9BBBE8AF84B50F00880DF58586240DBB8D909DFE2
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F872D0: CoCreateInstance.OLE32(01018A0C,00000000,00000001,01018AAC,?,?,?,00000000,?,?,00000000,?,?,?,?,00F86014), ref: 00F872F3
                                                                                                      • _printf.LIBCMT ref: 00F86458
                                                                                                      • _printf.LIBCMT ref: 00F8646D
                                                                                                        • Part of subcall function 00FFD4B4: __stbuf.LIBCMT ref: 00FFD50A
                                                                                                        • Part of subcall function 00FFD4B4: __output_l.LIBCMT ref: 00FFD522
                                                                                                        • Part of subcall function 00FFD4B4: __ftbuf.LIBCMT ref: 00FFD533
                                                                                                        • Part of subcall function 00F86B20: _printf.LIBCMT ref: 00F86B7C
                                                                                                        • Part of subcall function 00F86B20: CoCreateInstance.OLE32(010189EC,00000000,00000001,01018AEC,?,?,00F86014), ref: 00F86B96
                                                                                                        • Part of subcall function 00F86B20: _printf.LIBCMT ref: 00F86BA9
                                                                                                      • _printf.LIBCMT ref: 00F8648C
                                                                                                      Strings
                                                                                                      • SETUP: can't setup, device %i is currently being used, xrefs: 00F86487
                                                                                                      • SETUP: this means that the last device you can use is device[%i] , xrefs: 00F86468
                                                                                                      • SETUP: device[%i] not found - you have %i devices available, xrefs: 00F86453
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _printf$CreateInstance$__ftbuf__output_l__stbuf
                                                                                                      • String ID: SETUP: can't setup, device %i is currently being used$SETUP: device[%i] not found - you have %i devices available$SETUP: this means that the last device you can use is device[%i]
                                                                                                      • API String ID: 3404404435-2063224592
                                                                                                      • Opcode ID: 91755eca4e9eb0beebec3ee09a34b4ad4150c69130d222ef064f81d398563632
                                                                                                      • Instruction ID: 24787e935790c462385a6f7c3d9b1795cb3bbc9cd4dbb2f35f1dec3296b99e88
                                                                                                      • Opcode Fuzzy Hash: 91755eca4e9eb0beebec3ee09a34b4ad4150c69130d222ef064f81d398563632
                                                                                                      • Instruction Fuzzy Hash: A0F02B2194425026C604F379AC0ABFE7B699EC1314B540058F94487226EB299843A3B1
                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000008,00000000,00F947D9,f.lux cannot activate,00000000,?), ref: 00FA6F9A
                                                                                                      • GetProcAddress.KERNEL32(00000000,MessageBoxTimeoutA), ref: 00FA6FAC
                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00FA6FD8
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                      • String ID: MessageBoxTimeoutA$Note$user32.dll
                                                                                                      • API String ID: 145871493-1977615140
                                                                                                      • Opcode ID: 64c0409e65eaaabd53ce8959eba0470247531218dc7b39fe6bf4ba0fafb06c6c
                                                                                                      • Instruction ID: c4f709f3a5320e25981bd44364c049fba950d0123810e2ed4e8b8b0c57d065d0
                                                                                                      • Opcode Fuzzy Hash: 64c0409e65eaaabd53ce8959eba0470247531218dc7b39fe6bf4ba0fafb06c6c
                                                                                                      • Instruction Fuzzy Hash: 5DE0D8B17C07327BE67306517C0AF6B251A9B81F95F044008FB85FD1C4DFA8AE0183A9
                                                                                                      APIs
                                                                                                      • GetDlgItem.USER32(00000001,00000002), ref: 00FBEF0F
                                                                                                      • EnableWindow.USER32(00000000,00000000), ref: 00FBEF1C
                                                                                                      • SetDlgItemTextA.USER32(00000001,00000001,Done), ref: 00FBEF2A
                                                                                                      • GetWindowLongA.USER32(00000001,000000F0), ref: 00FBEF33
                                                                                                      • SetWindowLongA.USER32(00000001,000000F0,00000000), ref: 00FBEF42
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$ItemLong$EnableText
                                                                                                      • String ID: Done
                                                                                                      • API String ID: 4165506077-2954842005
                                                                                                      • Opcode ID: 3601b3fdfe0274a0b124c4eba31052f497def2c95e91d8dd48e27cd1d5edd03a
                                                                                                      • Instruction ID: 593dff73d301127babdb56980e1c274230590eeaa799de451f477d735d1af976
                                                                                                      • Opcode Fuzzy Hash: 3601b3fdfe0274a0b124c4eba31052f497def2c95e91d8dd48e27cd1d5edd03a
                                                                                                      • Instruction Fuzzy Hash: 39E06D32649621B7D7201B619C0DFDA765CAF06721F18C20AF160E10D8CF6D96008BA9
                                                                                                      APIs
                                                                                                      • EnterCriticalSection.KERNEL32(010C7DC8,?,?,?), ref: 00FC64A3
                                                                                                      • GetModuleFileNameA.KERNEL32(00F60000,?,00000104,?,?,?), ref: 00FC6535
                                                                                                      • lstrlenA.KERNEL32(?,?,?,?), ref: 00FC6555
                                                                                                      • LoadTypeLib.OLEAUT32(00000000,?), ref: 00FC65E8
                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 00FC66F1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterFileLeaveLoadModuleNameTypelstrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 3799466066-0
                                                                                                      • Opcode ID: f1d6e447035f983cba964f0c95d33a47395bf921b119c686d18df4479f1472e6
                                                                                                      • Instruction ID: e1d06213472ec7a2f451028f63f6f4dd00e7b7d62a26dc6bcee4fa97968132a1
                                                                                                      • Opcode Fuzzy Hash: f1d6e447035f983cba964f0c95d33a47395bf921b119c686d18df4479f1472e6
                                                                                                      • Instruction Fuzzy Hash: CB819371E04216CFCB21DBA4DE82EADB379AB88710F24452DF545DB219D739AC41EF90
                                                                                                      APIs
                                                                                                      • SysStringLen.OLEAUT32(00000000), ref: 00FC67C6
                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 00FC67D1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: String$Free
                                                                                                      • String ID:
                                                                                                      • API String ID: 1391021980-0
                                                                                                      • Opcode ID: 6066d83b3da3ae35f3492dfcf05d4a4d21c022346773a529da8a15a62c39c620
                                                                                                      • Instruction ID: 17faff5da46e1a7a8efe2e65894d8212004fc3729b8ac24c1fb87a51fe87a78a
                                                                                                      • Opcode Fuzzy Hash: 6066d83b3da3ae35f3492dfcf05d4a4d21c022346773a529da8a15a62c39c620
                                                                                                      • Instruction Fuzzy Hash: 295180756082079BE725DB14D982F7BB3E8EF88714F40852DF689C7280EB39D906C796
                                                                                                      APIs
                                                                                                      • EnterCriticalSection.KERNEL32(00000011,?,?,00000000,?,?,00F6F219,00000000,00000001), ref: 00F689F8
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00F68A3B
                                                                                                      • EnterCriticalSection.KERNEL32(00000010), ref: 00F68AA4
                                                                                                      • LeaveCriticalSection.KERNEL32(-00000010,00000049,?,?,?,?,?,?,?,?,?,00000001,?,?,00F6EC52,00000000), ref: 00F68AFA
                                                                                                      • LeaveCriticalSection.KERNEL32(-0000000F,?,?,?,?,?,?,?,?,?,00000001,?,?,00F6EC52,00000000), ref: 00F68B11
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterLeave$IncrementInterlocked
                                                                                                      • String ID:
                                                                                                      • API String ID: 1988634917-0
                                                                                                      • Opcode ID: 3976c762c351fcaa803106137697b74dc7bb7c77eea65c3c96e3d469dc6b1703
                                                                                                      • Instruction ID: 33b2e4750bf744ae1c5d124fd00e189d96e69c2cdff8626f45e1e1cf6f0cbe17
                                                                                                      • Opcode Fuzzy Hash: 3976c762c351fcaa803106137697b74dc7bb7c77eea65c3c96e3d469dc6b1703
                                                                                                      • Instruction Fuzzy Hash: 8D4174362001019FD714DF68DCC4A6AB3A5FF88361B24876FE9568B245DF39EC46DB90
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F8E3B8
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F8E3CD
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                        • Part of subcall function 00FD8330: _memset.LIBCMT ref: 00FD8382
                                                                                                        • Part of subcall function 00FD8330: _printf.LIBCMT ref: 00FD83A3
                                                                                                        • Part of subcall function 00F61420: InterlockedDecrement.KERNEL32(?), ref: 00F6142C
                                                                                                        • Part of subcall function 00F61420: InterlockedIncrement.KERNEL32(?), ref: 00F6143F
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F8E3D0
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F8E3DF
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F8E3FA
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F8E409
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalEnterSection_memset_printf
                                                                                                      • String ID:
                                                                                                      • API String ID: 159435882-0
                                                                                                      • Opcode ID: a6d78991eb6e97c27b3dbd355f7d3f60aa8b7066189022254767a75c68f35e71
                                                                                                      • Instruction ID: 4dc3828bba1700d99b384fcc6e1537423b8ddbca66c44291ec2bd1206d9bb67e
                                                                                                      • Opcode Fuzzy Hash: a6d78991eb6e97c27b3dbd355f7d3f60aa8b7066189022254767a75c68f35e71
                                                                                                      • Instruction Fuzzy Hash: 4F41BE724143019BC610FB20CD81AAFB3E8FF95344F444A1EF49583151EB38EA48EBA2
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32 ref: 00FBB0A7
                                                                                                      • InterlockedDecrement.KERNEL32 ref: 00FBB0B6
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FBB118
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FBB127
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FBB178
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FBB18B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-0
                                                                                                      • Opcode ID: 1c7330aa30a9c93b7a3272a0f8948a324ce26271f41db20dcd94560189a79fd3
                                                                                                      • Instruction ID: 0cf741a944a97cbdcfb5d2c1fd74e9da896327175b5f78820e370ad7d5a58ae6
                                                                                                      • Opcode Fuzzy Hash: 1c7330aa30a9c93b7a3272a0f8948a324ce26271f41db20dcd94560189a79fd3
                                                                                                      • Instruction Fuzzy Hash: 7431D5737056216BE621BA2ACC85BBF7388DF40B50F588026F941D7205DB6CED01BBA6
                                                                                                      APIs
                                                                                                      • SendMessageA.USER32 ref: 00FCADAE
                                                                                                      • VariantInit.OLEAUT32(00000000), ref: 00FCADFD
                                                                                                      • VariantInit.OLEAUT32(?), ref: 00FCAE19
                                                                                                      • VariantClear.OLEAUT32(?), ref: 00FCAE46
                                                                                                      • VariantClear.OLEAUT32(?), ref: 00FCAE4D
                                                                                                      • VariantClear.OLEAUT32(00000000), ref: 00FCAE54
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Variant$Clear$Init$MessageSend
                                                                                                      • String ID:
                                                                                                      • API String ID: 3771501044-0
                                                                                                      • Opcode ID: df228ec2219c3f39459b51d2ef6cac8131611689e9aa87fe83ec09b54499f439
                                                                                                      • Instruction ID: 93152fc9e45c4e48c0e6467fa09e2306a61de20bbdeb9ee8c14df0672e5e3608
                                                                                                      • Opcode Fuzzy Hash: df228ec2219c3f39459b51d2ef6cac8131611689e9aa87fe83ec09b54499f439
                                                                                                      • Instruction Fuzzy Hash: 10315C76504206AFC314EB58CD80FABB3E9EFC8714F088A0DF58587254DB75EA05CB92
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FAE972
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FAE981
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FAE9A9
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FAE9B8
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FAE9E0
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FAE9EF
                                                                                                        • Part of subcall function 00F7EFF0: InterlockedDecrement.KERNEL32(?), ref: 00F7F01B
                                                                                                        • Part of subcall function 00F7EFF0: InterlockedIncrement.KERNEL32(?), ref: 00F7F02A
                                                                                                        • Part of subcall function 00F7EFF0: InterlockedDecrement.KERNEL32(010C7098), ref: 00F7F051
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$Decrement$Increment$CriticalEnterSection
                                                                                                      • String ID:
                                                                                                      • API String ID: 49996394-0
                                                                                                      • Opcode ID: c98c5024114ebc101f2ff92da58e6d85a2e3278493bfab42b7735fd451378d2e
                                                                                                      • Instruction ID: d0753042a74280bd574775f62251f09dffee2a089efa961fc0dfb226ebca01e4
                                                                                                      • Opcode Fuzzy Hash: c98c5024114ebc101f2ff92da58e6d85a2e3278493bfab42b7735fd451378d2e
                                                                                                      • Instruction Fuzzy Hash: BC41A6B2B11A56AFC664BF24CC893DAF365BF06310F55462AE528A3101CB3C7D50ABD2
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FBB1C7
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FBB1D6
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FBB238
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FBB247
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FBB28C
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FBB29F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-0
                                                                                                      • Opcode ID: eb6598fed4da4796371c123f705484e19e749d42e5d493999f6da589ceadf1e5
                                                                                                      • Instruction ID: 0be00f8e3f4666f2aa21a290683448cc6b2cdc4fca01424a38ef7ce2c1f0b806
                                                                                                      • Opcode Fuzzy Hash: eb6598fed4da4796371c123f705484e19e749d42e5d493999f6da589ceadf1e5
                                                                                                      • Instruction Fuzzy Hash: E3219673B015215BEA22A61A8D81BBEB388DF41710F588026FD41D7205DB6CDE01BBE5
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7F1FB
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7F20A
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7F229
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7F238
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F7F257
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F7F266
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-0
                                                                                                      • Opcode ID: 8e39b29f74b2cd19810a5a401e0d28375589159f96d3f47be0ad5de14cde922a
                                                                                                      • Instruction ID: 05a38e294e56f758580773f7d29706eff1ac44be63c7e55b69e08a50cfdd6bc5
                                                                                                      • Opcode Fuzzy Hash: 8e39b29f74b2cd19810a5a401e0d28375589159f96d3f47be0ad5de14cde922a
                                                                                                      • Instruction Fuzzy Hash: FF11B173911A126BD6205F20DC4176AB358FF00320F148232D818E7542DB2CFD28EBE6
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FA4920: GetCurrentThreadId.KERNEL32 ref: 00FA493E
                                                                                                        • Part of subcall function 00FA4920: EnumThreadWindows.USER32(00000000), ref: 00FA4945
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FA4645
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FA4654
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FA467D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FA468C
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FA46AF
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FA46BE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$Thread$CurrentEnumWindows
                                                                                                      • String ID:
                                                                                                      • API String ID: 2548864937-0
                                                                                                      • Opcode ID: 0eda4969c079ce285a70e0bd4399862c72d3c9de8858863c3787f4a6831146b6
                                                                                                      • Instruction ID: 43d38f4791f22460b4be8ecce6eab42e8539369efed7f2f0aef8be05496c00ff
                                                                                                      • Opcode Fuzzy Hash: 0eda4969c079ce285a70e0bd4399862c72d3c9de8858863c3787f4a6831146b6
                                                                                                      • Instruction Fuzzy Hash: 1A119DB2511A22ABD7211B21DC8479AF368FF83729F144032D850E7700DBACFD546BE8
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6265D
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F62672
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F62678
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F62687
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6269D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F626AC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalEnterSection
                                                                                                      • String ID:
                                                                                                      • API String ID: 880407097-0
                                                                                                      • Opcode ID: 55e6cb031ca47835699120fb0b47dbfa30b7220c812d10b9c27f195048465f4f
                                                                                                      • Instruction ID: 8ceb7a0d3cd599b67268722701e43425df80c984498f53f4f768b46a14c2e4da
                                                                                                      • Opcode Fuzzy Hash: 55e6cb031ca47835699120fb0b47dbfa30b7220c812d10b9c27f195048465f4f
                                                                                                      • Instruction Fuzzy Hash: CC01A273712A161AD6B0A625EC80BEEB348EF82336F200537E441C2441DE0EDA1967A5
                                                                                                      APIs
                                                                                                      • GetDC.USER32(00000000), ref: 00FC6AB5
                                                                                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 00FC6AC6
                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00FC6ACF
                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 00FC6AD6
                                                                                                      • MulDiv.KERNEL32(000009EC,?,00000001), ref: 00FC6AEF
                                                                                                      • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00FC6AFD
                                                                                                        • Part of subcall function 00FC2F20: RaiseException.KERNEL32(?,00000001,00000000,00000000,00FC3211,8007000E,?,00000002,00000000), ref: 00FC2F3C
                                                                                                        • Part of subcall function 00FC2F20: GetLastError.KERNEL32(?,00000002,00000000), ref: 00FC2F50
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CapsDevice$ErrorExceptionLastRaiseRelease
                                                                                                      • String ID:
                                                                                                      • API String ID: 3452748133-0
                                                                                                      • Opcode ID: 5c94f5985545015f55ef9714dd47c7199b46cf73c2be5bfa4745bb94e6e2cf9f
                                                                                                      • Instruction ID: 14b5cd3b2fd3ae4ef08251cacd7f971dcd8a8886c183ecddd14187bf7442dd6c
                                                                                                      • Opcode Fuzzy Hash: 5c94f5985545015f55ef9714dd47c7199b46cf73c2be5bfa4745bb94e6e2cf9f
                                                                                                      • Instruction Fuzzy Hash: C401D6B16403166FE710DBA1CC86F1B7BACEF55351F00801EFB44A7285DA799800CBA1
                                                                                                      APIs
                                                                                                      • GetDC.USER32(00000000), ref: 00FC6A35
                                                                                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 00FC6A46
                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00FC6A4F
                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 00FC6A56
                                                                                                      • MulDiv.KERNEL32(?,00000000,000009EC), ref: 00FC6A6F
                                                                                                      • MulDiv.KERNEL32(00000000,?,000009EC), ref: 00FC6A7D
                                                                                                        • Part of subcall function 00FC2F20: RaiseException.KERNEL32(?,00000001,00000000,00000000,00FC3211,8007000E,?,00000002,00000000), ref: 00FC2F3C
                                                                                                        • Part of subcall function 00FC2F20: GetLastError.KERNEL32(?,00000002,00000000), ref: 00FC2F50
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CapsDevice$ErrorExceptionLastRaiseRelease
                                                                                                      • String ID:
                                                                                                      • API String ID: 3452748133-0
                                                                                                      • Opcode ID: 469e98d8f2c77b0494820b5fa42c112f9a2d8b9a120b3086a54a9580fbf07caf
                                                                                                      • Instruction ID: 956b3a59090dcd26647f4f43ce7489a347fa1b5360ed97b7bc5163559faa5cc2
                                                                                                      • Opcode Fuzzy Hash: 469e98d8f2c77b0494820b5fa42c112f9a2d8b9a120b3086a54a9580fbf07caf
                                                                                                      • Instruction Fuzzy Hash: 9D01D6B16403166FE310EB60CC86F1B7FACEF55351F00801DFB44A7285DA799800CBA0
                                                                                                      APIs
                                                                                                      • ReleaseCapture.USER32 ref: 00FA5340
                                                                                                      • GetSystemMetrics.USER32(00000017), ref: 00FA5348
                                                                                                      • GetAsyncKeyState.USER32(00000001), ref: 00FA5356
                                                                                                      • SendMessageA.USER32(?,00000112,0000F008,00000000), ref: 00FA537B
                                                                                                      • PostMessageA.USER32(?,00000201,00000000,00000000), ref: 00FA5394
                                                                                                      • PostMessageA.USER32(?,00000202,00000000,00000000), ref: 00FA53A3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Message$Post$AsyncCaptureMetricsReleaseSendStateSystem
                                                                                                      • String ID:
                                                                                                      • API String ID: 599169548-0
                                                                                                      • Opcode ID: 15f08ec1a28c16d0eddf93f6ec189510a6c4a7e19696818e628ec89fd9a86852
                                                                                                      • Instruction ID: 6fb4caae5e78a5511af441a1ce5b2f7cbefad50fb9014ffc4e957e7083b17071
                                                                                                      • Opcode Fuzzy Hash: 15f08ec1a28c16d0eddf93f6ec189510a6c4a7e19696818e628ec89fd9a86852
                                                                                                      • Instruction Fuzzy Hash: A8F0E2313D0300ABF7306AB49C4AF1A73A8BB80B10F54C60DBB82EA1C5CDFCA8008B04
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FBF460: EnterCriticalSection.KERNEL32(010BF268,?,00000000,?,00F9C1BC,?,?,?,00000000,?,00F9C53F,?,?,00000000,?,00000001), ref: 00FBF476
                                                                                                        • Part of subcall function 00FBF460: _malloc.LIBCMT ref: 00FBF4CB
                                                                                                        • Part of subcall function 00FBF460: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF4E3
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00FB10C2
                                                                                                        • Part of subcall function 00FAEA60: wsprintfA.USER32 ref: 00FAEA8B
                                                                                                        • Part of subcall function 00FAEA60: IsWindow.USER32(00000000), ref: 00FAEAB3
                                                                                                        • Part of subcall function 00FAEA60: IsWindowVisible.USER32(00000000), ref: 00FAEAC4
                                                                                                        • Part of subcall function 00FAEA60: MessageBoxA.USER32(00000000,?,Error,00000010), ref: 00FAEAEA
                                                                                                      Strings
                                                                                                      • Collision found! (layer/object names must be unique), xrefs: 00FB146F
                                                                                                      • o, xrefs: 00FB0FE7
                                                                                                      • Shadows require 4 arguments (radius, xoffset, yoffset, opacity), xrefs: 00FB110B
                                                                                                      • y, xrefs: 00FB119C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSectionWindow$EnterIncrementInterlockedLeaveMessageVisible_mallocwsprintf
                                                                                                      • String ID: Collision found! (layer/object names must be unique)$Shadows require 4 arguments (radius, xoffset, yoffset, opacity)$o$y
                                                                                                      • API String ID: 770004197-2103909232
                                                                                                      • Opcode ID: 26b7b8a6238e33748443c8e652210a407881eb40b788e29e7588e61b91d92e2a
                                                                                                      • Instruction ID: c50199952cca06388dada622e468d85f42150e14a69706133cda45d9e3f41a8c
                                                                                                      • Opcode Fuzzy Hash: 26b7b8a6238e33748443c8e652210a407881eb40b788e29e7588e61b91d92e2a
                                                                                                      • Instruction Fuzzy Hash: D861F072B00204CBDB10EF79DC926AA77A4BF85354F444578F909DB242EA35EC44EB52
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F61920: InterlockedIncrement.KERNEL32(00000000), ref: 00F6196C
                                                                                                        • Part of subcall function 00F61920: InterlockedDecrement.KERNEL32(00000000), ref: 00F6197B
                                                                                                        • Part of subcall function 00F61920: InterlockedDecrement.KERNEL32(00000000), ref: 00F6198D
                                                                                                        • Part of subcall function 00F61920: InterlockedIncrement.KERNEL32(00000000), ref: 00F6199C
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6ECD9
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6ECEC
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalEnterSection
                                                                                                      • String ID: flux/daylight$flux/moon$flux/sun
                                                                                                      • API String ID: 880407097-3619217454
                                                                                                      • Opcode ID: 0d7778c3c7a017ec28475855600352fafde1077d7ec949569ff01d7d21451aba
                                                                                                      • Instruction ID: 93a3c580a2600b4b3e477589505d3d4fad64c2f6a0c92441f1d17c0e91fa7362
                                                                                                      • Opcode Fuzzy Hash: 0d7778c3c7a017ec28475855600352fafde1077d7ec949569ff01d7d21451aba
                                                                                                      • Instruction Fuzzy Hash: CC616932A007409FD311DB36CC55BAA7B94BF96340F0887A9E8459F2A3E779D941FB40
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _memset_printf
                                                                                                      • String ID: Security - Exiting due to invalid key$gj$gj
                                                                                                      • API String ID: 1469192381-750125829
                                                                                                      • Opcode ID: 71c1b35188232a01282bd59bf552ff2cd2cbf381789fb313b63ceeb885b41789
                                                                                                      • Instruction ID: 7981b8b36a7db00a0e7da81aace5707a90257695d274027962ca993c69d17333
                                                                                                      • Opcode Fuzzy Hash: 71c1b35188232a01282bd59bf552ff2cd2cbf381789fb313b63ceeb885b41789
                                                                                                      • Instruction Fuzzy Hash: 8061AF718093818BD370EF2498407DFBBE1BFDA794F585A1EE5C85B201EB718949CB82
                                                                                                      APIs
                                                                                                      • _fgets.LIBCMT ref: 00FB2D29
                                                                                                      • _strncmp.LIBCMT ref: 00FB2D3D
                                                                                                      • _strncmp.LIBCMT ref: 00FB2D68
                                                                                                        • Part of subcall function 00F61250: InterlockedDecrement.KERNEL32(00000000), ref: 00F6126F
                                                                                                        • Part of subcall function 00F61250: InterlockedIncrement.KERNEL32(00000000), ref: 00F6127E
                                                                                                        • Part of subcall function 00F61250: InterlockedIncrement.KERNEL32(00000000), ref: 00F612A0
                                                                                                        • Part of subcall function 00F61250: InterlockedDecrement.KERNEL32(00000000), ref: 00F612AF
                                                                                                        • Part of subcall function 00F61420: InterlockedDecrement.KERNEL32(?), ref: 00F6142C
                                                                                                        • Part of subcall function 00F61420: InterlockedIncrement.KERNEL32(?), ref: 00F6143F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$_strncmp$_fgets
                                                                                                      • String ID: #define$#include
                                                                                                      • API String ID: 3939736294-2043961825
                                                                                                      • Opcode ID: 6738fe12ea3ab78d89af5a217b510a19756bf2abb1a464c830adff185880e2a8
                                                                                                      • Instruction ID: 98c645c8326dd911b8b21a9809ddac83d0076eb06908a89828fb280b1c1cd7fb
                                                                                                      • Opcode Fuzzy Hash: 6738fe12ea3ab78d89af5a217b510a19756bf2abb1a464c830adff185880e2a8
                                                                                                      • Instruction Fuzzy Hash: 5D415A76B0020557DB619A26AC45BE73798EB95360F0C4421EC85D7142EA2AE90EEFB1
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FBF460: EnterCriticalSection.KERNEL32(010BF268,?,00000000,?,00F9C1BC,?,?,?,00000000,?,00F9C53F,?,?,00000000,?,00000001), ref: 00FBF476
                                                                                                        • Part of subcall function 00FBF460: _malloc.LIBCMT ref: 00FBF4CB
                                                                                                        • Part of subcall function 00FBF460: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF4E3
                                                                                                      • _swscanf.LIBCMT ref: 00FB2F95
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FB2FBA
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FB2FCD
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterInterlocked$DecrementIncrementLeave_malloc_swscanf
                                                                                                      • String ID: #define %s$Bad define
                                                                                                      • API String ID: 473168845-454462727
                                                                                                      • Opcode ID: ee1ef800130334d59a7189dbe1997368048ccfd724841ab8592258229347dd5b
                                                                                                      • Instruction ID: 360c4f37e65d753a905ad7d62620cecf90ec8b042175c351ead34d10bfbdae98
                                                                                                      • Opcode Fuzzy Hash: ee1ef800130334d59a7189dbe1997368048ccfd724841ab8592258229347dd5b
                                                                                                      • Instruction Fuzzy Hash: AD41C332A442024BC310EF65EC515EBB7D4EF81764F480839F985D7141EA2EEA4DABE2
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F81383
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F81396
                                                                                                      Strings
                                                                                                      • [ ] Share my color settings with f.lux (will be deleted within 24 hours), xrefs: 00F81321
                                                                                                      • [%s] Join f.lux beta to test new releases, xrefs: 00F81284
                                                                                                      • [x] Share my color settings with f.lux to help improve the app, xrefs: 00F81309
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: [ ] Share my color settings with f.lux (will be deleted within 24 hours)$[%s] Join f.lux beta to test new releases$[x] Share my color settings with f.lux to help improve the app
                                                                                                      • API String ID: 2172605799-2828477752
                                                                                                      • Opcode ID: 71cd01fcbd5cf9676bedb3aadcf4cd9e18b931db3347d745c387ae714fe5a5e8
                                                                                                      • Instruction ID: 7ffa4ef6ca8b474ae1ecfc1cc5022ad9e541b0665dcaf5851b1fa6c9a86e7823
                                                                                                      • Opcode Fuzzy Hash: 71cd01fcbd5cf9676bedb3aadcf4cd9e18b931db3347d745c387ae714fe5a5e8
                                                                                                      • Instruction Fuzzy Hash: 0841A1715047014BD721EF64CC457DBB398BF84314F084A29FD94DB642EB79E90AA7A2
                                                                                                      APIs
                                                                                                      • WindowFromPoint.USER32(?,?), ref: 00FBA339
                                                                                                      • GetParent.USER32(00000000), ref: 00FBA342
                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 00FBA36E
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$FromParentPointRect
                                                                                                      • String ID: H$explorer.exe
                                                                                                      • API String ID: 1370553600-357173081
                                                                                                      • Opcode ID: 04c6cbab6f3d5f5f4a81fb3da2844b8d0c3c2188f4d40a5b1ea8faafbfd594fc
                                                                                                      • Instruction ID: 6fe3af92d67f7d24d8e4dfa15612dc5939a275c3a10676127b316d81073b7974
                                                                                                      • Opcode Fuzzy Hash: 04c6cbab6f3d5f5f4a81fb3da2844b8d0c3c2188f4d40a5b1ea8faafbfd594fc
                                                                                                      • Instruction Fuzzy Hash: 0B417F71A083018BC724DF2AD8415AFB7E4EF88360F14492EF585932A0DB75E945EF97
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F7A2A0: __time64.LIBCMT ref: 00F7A303
                                                                                                        • Part of subcall function 00F7E8C0: _memset.LIBCMT ref: 00F7E94C
                                                                                                        • Part of subcall function 00F7E8C0: __snprintf.LIBCMT ref: 00F7E969
                                                                                                        • Part of subcall function 00F7E8C0: InterlockedDecrement.KERNEL32(00000000), ref: 00F7E9AC
                                                                                                        • Part of subcall function 00F7E8C0: InterlockedIncrement.KERNEL32(00000000), ref: 00F7E9BF
                                                                                                      • __wsplitpath.LIBCMT ref: 00F7A421
                                                                                                      • __makepath_s.LIBCMT ref: 00F7A45E
                                                                                                      • __time64.LIBCMT ref: 00F7A473
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked__time64$DecrementIncrement__makepath_s__snprintf__wsplitpath_memset
                                                                                                      • String ID: installdate$update
                                                                                                      • API String ID: 258712858-1629887385
                                                                                                      • Opcode ID: 6a56ce7aec31ce34c5e2a87005cb55b9cb32e30e2bba5100ade034a41efa0546
                                                                                                      • Instruction ID: c28f6ad439555a28959e3343f5bbf44978d5be322a9900abfc90c02b72d2b89a
                                                                                                      • Opcode Fuzzy Hash: 6a56ce7aec31ce34c5e2a87005cb55b9cb32e30e2bba5100ade034a41efa0546
                                                                                                      • Instruction Fuzzy Hash: D1415DB25097819FC361EF64CC819AFB7E8AFD4301F44492EF5D983151EA749908DBA3
                                                                                                      APIs
                                                                                                      • QueryPerformanceCounter.KERNEL32(?,00000001,00000001,7591E860), ref: 00F90F38
                                                                                                      • GetDiskFreeSpaceExA.KERNEL32(00000000,00000000,00000000,?), ref: 00F90F49
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F90FEE
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F91001
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$CounterDecrementDiskFreeIncrementPerformanceQuerySpace
                                                                                                      • String ID: %d%d%d%d
                                                                                                      • API String ID: 1992585804-3934312435
                                                                                                      • Opcode ID: 4da18446d39f998e66157a97d11691c6ba0fe312ff813417574fae76865d00a3
                                                                                                      • Instruction ID: 62ec1d7c374f02049008bfd85a233a45c0507a66e445cca6af3f7b4872cfc061
                                                                                                      • Opcode Fuzzy Hash: 4da18446d39f998e66157a97d11691c6ba0fe312ff813417574fae76865d00a3
                                                                                                      • Instruction Fuzzy Hash: 6631E1716043459FEB24DB24CC41B7F7BA8FF98314F44092DF889C7151EB29DA049762
                                                                                                      APIs
                                                                                                      • _malloc.LIBCMT ref: 00FD3331
                                                                                                      • GetDC.USER32 ref: 00FD338E
                                                                                                      • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 00FD33A3
                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 00FD33AE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateReleaseSection_malloc
                                                                                                      • String ID: (
                                                                                                      • API String ID: 2851609021-3887548279
                                                                                                      • Opcode ID: cdfdb73c54b212cc51016b9325f6622b803b24f29c1c748091a37709d54fa487
                                                                                                      • Instruction ID: 7abf53fbf6302e5eaea014eff4bfd71bc11c222bc5241c750ddd2f5c116d8404
                                                                                                      • Opcode Fuzzy Hash: cdfdb73c54b212cc51016b9325f6622b803b24f29c1c748091a37709d54fa487
                                                                                                      • Instruction Fuzzy Hash: 6B3155729047419FD724CF65D98456BB7E5FBC8320F084A2FF98583300EB79A6499F52
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FB46EC
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FB46FB
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FB4724
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FB4733
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: flux/latitude
                                                                                                      • API String ID: 2172605799-2678266477
                                                                                                      • Opcode ID: 710ffd2ab00e910c33b008a0c0b3b740208e293b73b5e88e676a85b07f2b2a02
                                                                                                      • Instruction ID: a145e4b2cc37b09dee0b99ecf6c18ec4bed9a24ed5cde2f06166673ba1e4ab4f
                                                                                                      • Opcode Fuzzy Hash: 710ffd2ab00e910c33b008a0c0b3b740208e293b73b5e88e676a85b07f2b2a02
                                                                                                      • Instruction Fuzzy Hash: 851136B3B012256BD621961A9C85FEBB749EF82B20F240536F841D7142CF1DED045AB4
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FB479C
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FB47AB
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FB47D4
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FB47E3
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: flux/wave
                                                                                                      • API String ID: 2172605799-2948915988
                                                                                                      • Opcode ID: aa99e9711607e411abdc50dba3dafba4a5f64cdf1c98f05296a882cd1124e4a0
                                                                                                      • Instruction ID: c1733e0115f1a64720490292eaa826644bd5c284122133914d092061342c3194
                                                                                                      • Opcode Fuzzy Hash: aa99e9711607e411abdc50dba3dafba4a5f64cdf1c98f05296a882cd1124e4a0
                                                                                                      • Instruction Fuzzy Hash: 421123B3A013216BD6219A1A9D81FEB7388EB82760F280436F841D7142CF1DE9059AB5
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FB484C
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FB485B
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FB4884
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FB4893
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: flux/changeloc
                                                                                                      • API String ID: 2172605799-1586836804
                                                                                                      • Opcode ID: 8e8c6d62fee7fe0f2eb251641599d83fdd5218b37ba9c74c249566b91061fffe
                                                                                                      • Instruction ID: b1ead953ad7ae8ccfdd710c5616cc0989623077b81fffcd51e31fd4b735ae4e5
                                                                                                      • Opcode Fuzzy Hash: 8e8c6d62fee7fe0f2eb251641599d83fdd5218b37ba9c74c249566b91061fffe
                                                                                                      • Instruction Fuzzy Hash: 3B1159B3B013615BD6219A2A9C41FEB7789DF81B60F144036F941D7142DA2DED045AF4
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F63F90: _strncmp.LIBCMT ref: 00F63FCA
                                                                                                        • Part of subcall function 00F63F20: InterlockedIncrement.KERNEL32(?), ref: 00F63F46
                                                                                                        • Part of subcall function 00F63F20: InterlockedDecrement.KERNEL32(?), ref: 00F63F5B
                                                                                                        • Part of subcall function 00F63F20: InterlockedDecrement.KERNEL32(?), ref: 00F63F5E
                                                                                                        • Part of subcall function 00F63F20: InterlockedIncrement.KERNEL32(?), ref: 00F63F6D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F64BB9
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F64BCE
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F64BD1
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F64BE0
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalEnterSection_strncmp
                                                                                                      • String ID: name
                                                                                                      • API String ID: 668252347-1579384326
                                                                                                      • Opcode ID: 5aefa8cb5d4a466091983f2c5551f9f5efe2ce5435553ab62f46afe405e49931
                                                                                                      • Instruction ID: 62f1408750836285d3c682fb4aa5ff464cd3e51c18b7eae9f7576340cd2f4374
                                                                                                      • Opcode Fuzzy Hash: 5aefa8cb5d4a466091983f2c5551f9f5efe2ce5435553ab62f46afe405e49931
                                                                                                      • Instruction Fuzzy Hash: 1E11B2B360121657D620BB10EC41BEF735CEFD1314F048539FA4496101DA3DFA0997E6
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F63F90: _strncmp.LIBCMT ref: 00F63FCA
                                                                                                        • Part of subcall function 00F63F20: InterlockedIncrement.KERNEL32(?), ref: 00F63F46
                                                                                                        • Part of subcall function 00F63F20: InterlockedDecrement.KERNEL32(?), ref: 00F63F5B
                                                                                                        • Part of subcall function 00F63F20: InterlockedDecrement.KERNEL32(?), ref: 00F63F5E
                                                                                                        • Part of subcall function 00F63F20: InterlockedIncrement.KERNEL32(?), ref: 00F63F6D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F64AE0
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F64AF5
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F64AF8
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F64B07
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalEnterSection_strncmp
                                                                                                      • String ID: name
                                                                                                      • API String ID: 668252347-1579384326
                                                                                                      • Opcode ID: 4f1b445fe5692b924afa6e6d04424a504d2d9629785a8523a9b7fb7ca490886b
                                                                                                      • Instruction ID: 6e28a02375c9b693a77d04da3c7cebaf32bc30ab90db8c1febdd8064a8c6cb03
                                                                                                      • Opcode Fuzzy Hash: 4f1b445fe5692b924afa6e6d04424a504d2d9629785a8523a9b7fb7ca490886b
                                                                                                      • Instruction Fuzzy Hash: 1B1160B36012155BD621BA54EC41BAF7358EBD1314F048539EA4497101DA3DFA099BB6
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F63F90: _strncmp.LIBCMT ref: 00F63FCA
                                                                                                        • Part of subcall function 00F63F20: InterlockedIncrement.KERNEL32(?), ref: 00F63F46
                                                                                                        • Part of subcall function 00F63F20: InterlockedDecrement.KERNEL32(?), ref: 00F63F5B
                                                                                                        • Part of subcall function 00F63F20: InterlockedDecrement.KERNEL32(?), ref: 00F63F5E
                                                                                                        • Part of subcall function 00F63F20: InterlockedIncrement.KERNEL32(?), ref: 00F63F6D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F64C90
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F64CA5
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F64CA8
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F64CB7
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalEnterSection_strncmp
                                                                                                      • String ID: uniqueid
                                                                                                      • API String ID: 668252347-1565510658
                                                                                                      • Opcode ID: ca129f08b52bd46f28e9a2bcdfcf943afbf089fe32209542e5c992a4380c81eb
                                                                                                      • Instruction ID: 91e42d8841558f46762eb1df5685fca6a74314340a5d6148e9fc74eadfe2b285
                                                                                                      • Opcode Fuzzy Hash: ca129f08b52bd46f28e9a2bcdfcf943afbf089fe32209542e5c992a4380c81eb
                                                                                                      • Instruction Fuzzy Hash: 6A11C4B35022155BD621FB14EC41BEF7368EF91310F008639FA4496241DA3DFA0997F6
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F63F90: _strncmp.LIBCMT ref: 00F63FCA
                                                                                                        • Part of subcall function 00F63F20: InterlockedIncrement.KERNEL32(?), ref: 00F63F46
                                                                                                        • Part of subcall function 00F63F20: InterlockedDecrement.KERNEL32(?), ref: 00F63F5B
                                                                                                        • Part of subcall function 00F63F20: InterlockedDecrement.KERNEL32(?), ref: 00F63F5E
                                                                                                        • Part of subcall function 00F63F20: InterlockedIncrement.KERNEL32(?), ref: 00F63F6D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F95310
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F95325
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F95328
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F95337
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalEnterSection_strncmp
                                                                                                      • String ID: type
                                                                                                      • API String ID: 668252347-2363381545
                                                                                                      • Opcode ID: 9cebac9d775e47dbc1ac62aae0f6def5504feea9c0eb7cda0f4897b5a08df0f1
                                                                                                      • Instruction ID: 5910a39ffea212018facbf7fdbf54278b70b8c3ff31bf90c6b67bac8d8bfeb53
                                                                                                      • Opcode Fuzzy Hash: 9cebac9d775e47dbc1ac62aae0f6def5504feea9c0eb7cda0f4897b5a08df0f1
                                                                                                      • Instruction Fuzzy Hash: 4E1104B35016155BEA21EB10EC42FEF7358EFC1750F008539FA44DA101DA3DEA0997E6
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E879
                                                                                                      • InterlockedDecrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E888
                                                                                                      • InterlockedIncrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E899
                                                                                                      • InterlockedDecrement.KERNEL32(SOFTWARE\Microsoft\Windows NT\CurrentVersion), ref: 00F7E8A8
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                      • API String ID: 2172605799-2278330950
                                                                                                      • Opcode ID: db0cc8b142c525aebe7f8517128975a81f037da1030cca1b09fc5c2d6a81d351
                                                                                                      • Instruction ID: b5be5f917e640aff6e935d5ea833e57843e78ec887b200c6ef0dbca363b210db
                                                                                                      • Opcode Fuzzy Hash: db0cc8b142c525aebe7f8517128975a81f037da1030cca1b09fc5c2d6a81d351
                                                                                                      • Instruction Fuzzy Hash: 5411817650172AAFD7218F10CD84BA6BB68EF09714F058557EC48D7201DB3DEA08DBE2
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00FA87B8
                                                                                                        • Part of subcall function 00FBF460: EnterCriticalSection.KERNEL32(010BF268,?,00000000,?,00F9C1BC,?,?,?,00000000,?,00F9C53F,?,?,00000000,?,00000001), ref: 00FBF476
                                                                                                        • Part of subcall function 00FBF460: _malloc.LIBCMT ref: 00FBF4CB
                                                                                                        • Part of subcall function 00FBF460: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF4E3
                                                                                                      • EnterCriticalSection.KERNEL32(00000010), ref: 00FA87E7
                                                                                                      • LeaveCriticalSection.KERNEL32(00000010), ref: 00FA8801
                                                                                                        • Part of subcall function 00FA8610: InitializeCriticalSection.KERNEL32(00000010,00000030,?,00000000,?,00F79835,00000000), ref: 00FA862C
                                                                                                      • ShellExecuteA.SHELL32(00000000,open,00000000,00000000,00000000,00000005), ref: 00FA881B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterLeave$ExecuteIncrementInitializeInterlockedShell_malloc
                                                                                                      • String ID: open
                                                                                                      • API String ID: 1135646518-2758837156
                                                                                                      • Opcode ID: 6c8db14be2de750ad9758ff740ad1ace6a9efb23f201c354783cdb8d07d00a78
                                                                                                      • Instruction ID: 4bd54095f24efce17f6b1f1d4cf4884162614cda58c0582ddfe5159a2aef39fe
                                                                                                      • Opcode Fuzzy Hash: 6c8db14be2de750ad9758ff740ad1ace6a9efb23f201c354783cdb8d07d00a78
                                                                                                      • Instruction Fuzzy Hash: E6014C737013107BD33017AA9C49B1BF7DCEF85B62F10842EF64AD7181DAB994004BA1
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FC5DB0: DeleteCriticalSection.KERNEL32(010C7DE8,00000000,https://justgetflux.com/,00FA6A93,https://justgetflux.com/,00F7E2B0,?,?,00000000), ref: 00FC5E3D
                                                                                                      • UnregisterClassA.USER32(ytWindow,00000000), ref: 00FA6AA4
                                                                                                      • UnregisterClassA.USER32(ytDialog,00000000), ref: 00FA6AB2
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ClassUnregister$CriticalDeleteSection
                                                                                                      • String ID: https://justgetflux.com/$ytDialog$ytWindow
                                                                                                      • API String ID: 2429955236-4256535048
                                                                                                      • Opcode ID: 4f14511b595fd35a48aefa67e401e4418cb912abc221a9d87baa4337033b731b
                                                                                                      • Instruction ID: 594544f45dda0f4237e9e59bbd922cc4bdb42f145e7637bd963dd5a44e15784e
                                                                                                      • Opcode Fuzzy Hash: 4f14511b595fd35a48aefa67e401e4418cb912abc221a9d87baa4337033b731b
                                                                                                      • Instruction Fuzzy Hash: 4911C1B4A00211DFD734EB96E885B2633A5EF45724F18414CF4C6CB298CB7A9844EFA1
                                                                                                      APIs
                                                                                                      • IsWindow.USER32(00000000), ref: 00F7A1FF
                                                                                                      • IsWindowVisible.USER32(00000000), ref: 00F7A20F
                                                                                                      • MessageBoxA.USER32(00000000,This computer may not work properly with Darkroom. If you continue, please remember that Alt+End can be pressed to disable darkroom. Continue?,Confirm,00000004), ref: 00F7A235
                                                                                                      Strings
                                                                                                      • This computer may not work properly with Darkroom. If you continue, please remember that Alt+End can be pressed to disable darkroom. Continue?, xrefs: 00F7A22F
                                                                                                      • Confirm, xrefs: 00F7A22A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$MessageVisible
                                                                                                      • String ID: Confirm$This computer may not work properly with Darkroom. If you continue, please remember that Alt+End can be pressed to disable darkroom. Continue?
                                                                                                      • API String ID: 2706066631-404963737
                                                                                                      • Opcode ID: 04d3d2d4fa7d84ad347f89bfccbded9894774b8e66be5900f685abded286837f
                                                                                                      • Instruction ID: 5fef6b92d3f6daa40886740c64d56c10096ed3459d035f57f3c3cf677d3c9071
                                                                                                      • Opcode Fuzzy Hash: 04d3d2d4fa7d84ad347f89bfccbded9894774b8e66be5900f685abded286837f
                                                                                                      • Instruction Fuzzy Hash: F4110031A447018BE730CF71A8487AB77E8AF41300F09C90AF099C6186DB2EE840EF63
                                                                                                      APIs
                                                                                                      • inet_addr.WSOCK32(239.255.255.250,?,?,?,?,?,?,?,00F8F594), ref: 00F8EA2B
                                                                                                      • htons.WSOCK32(000007BE,?,?,?,?,?,?,?,00F8F594), ref: 00F8EA44
                                                                                                      • sendto.WSOCK32(00000000,M-SEARCH * HTTP/1.1HOST: 239.255.255.250:1982MAN: "ssdp:discover"ST: wifi_bulb,M-SEARCH * HTTP/1.1HOST: 239.255.255.250:1982MAN: "ssdp:discover"ST: wifi_bulb,00000000,?,00000010,?,?,?,?,?,?,?,00F8F594), ref: 00F8EA73
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: htonsinet_addrsendto
                                                                                                      • String ID: 239.255.255.250$M-SEARCH * HTTP/1.1HOST: 239.255.255.250:1982MAN: "ssdp:discover"ST: wifi_bulb
                                                                                                      • API String ID: 2605372348-1554089251
                                                                                                      • Opcode ID: ab7c0b3239c468d2e970617f16ef2c61fe0ae6e6fa7b095b578d7bfeea22218d
                                                                                                      • Instruction ID: 1b77b11a0e55e062fed42edd67b71739f63597ddab15c54f8db96af671091f80
                                                                                                      • Opcode Fuzzy Hash: ab7c0b3239c468d2e970617f16ef2c61fe0ae6e6fa7b095b578d7bfeea22218d
                                                                                                      • Instruction Fuzzy Hash: 6001D234A147019FC314DF34D846B6AB7E0FF98740F80CA0EF4998B2A5EB78E5448752
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FBF460: EnterCriticalSection.KERNEL32(010BF268,?,00000000,?,00F9C1BC,?,?,?,00000000,?,00F9C53F,?,?,00000000,?,00000001), ref: 00FBF476
                                                                                                        • Part of subcall function 00FBF460: _malloc.LIBCMT ref: 00FBF4CB
                                                                                                        • Part of subcall function 00FBF460: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF4E3
                                                                                                      • _memset.LIBCMT ref: 00FA8576
                                                                                                        • Part of subcall function 00FA9790: __vswprintf.LIBCMT ref: 00FA979D
                                                                                                      • ShellExecuteExA.SHELL32(?,/select,"%s",?,?,00000000,?), ref: 00FA85C1
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$Enter$ExecuteLeaveShell__vswprintf_malloc_memset
                                                                                                      • String ID: /select,"%s"$<$open
                                                                                                      • API String ID: 1191157393-2673884991
                                                                                                      • Opcode ID: 1d135602586e439c740499442997ae2cdc1679023134ef56a67634a8a0351a81
                                                                                                      • Instruction ID: 63eef78e33b406df90aa11c2a2aebcc7596ea37a6a4f59ddcb5147360a5cad7a
                                                                                                      • Opcode Fuzzy Hash: 1d135602586e439c740499442997ae2cdc1679023134ef56a67634a8a0351a81
                                                                                                      • Instruction Fuzzy Hash: 2201A2B19143515BD350DF19CC05B4BBBE4BFC5BA8F040A1DF8989B240EB788608C7D6
                                                                                                      APIs
                                                                                                      • GetClassInfoA.USER32(00000000,ytWindow,?), ref: 00FA49FC
                                                                                                      • GetClassInfoA.USER32(00000000,ytDialog,?), ref: 00FA4A0E
                                                                                                      • GetWindowLongA.USER32(?,000000FC), ref: 00FA4A1F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ClassInfo$LongWindow
                                                                                                      • String ID: ytDialog$ytWindow
                                                                                                      • API String ID: 1596233794-3795027259
                                                                                                      • Opcode ID: fc4b3183102b7f467a4e5397658db5f48a27660962ed6f9722536ce19de140f8
                                                                                                      • Instruction ID: 3ed938c6cebf7e9b98c53764367db1474014404963f8f8799baaa9433ebb388b
                                                                                                      • Opcode Fuzzy Hash: fc4b3183102b7f467a4e5397658db5f48a27660962ed6f9722536ce19de140f8
                                                                                                      • Instruction Fuzzy Hash: 37F0BB7B554320BF8720AB5CDC90CAEB3A9AAC5B20B58860BF894D3144D579F845AB91
                                                                                                      APIs
                                                                                                      • inet_addr.WSOCK32 ref: 00F8E9B1
                                                                                                      • inet_addr.WSOCK32(0.0.0.0), ref: 00F8E9BC
                                                                                                      • #21.WSOCK32(?,00000000,0000000F,?,0000000C), ref: 00F8E9D5
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: inet_addr
                                                                                                      • String ID: 0.0.0.0$239.255.255.250
                                                                                                      • API String ID: 1393076350-872401277
                                                                                                      • Opcode ID: 595306bd67d9bcdeb63fa1b47cc5ebd538e9fb8553879bc92a3f277c561a1350
                                                                                                      • Instruction ID: e84c2c8860e73729b54d09bced861bc10793e22875526ef15d8ddf511207260c
                                                                                                      • Opcode Fuzzy Hash: 595306bd67d9bcdeb63fa1b47cc5ebd538e9fb8553879bc92a3f277c561a1350
                                                                                                      • Instruction Fuzzy Hash: 8FE03971914312ABD310DF20DC81FAB7BA4AF85A40F108A1FF5886B144E7B49548CBA2
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FAAAE0: timeGetTime.WINMM(?,?,00FA9CE9), ref: 00FAAAF5
                                                                                                      • GetSystemMetrics.USER32 ref: 00F9A1BA
                                                                                                      • GetSystemMetrics.USER32(0000004C), ref: 00F9A1C0
                                                                                                      • GetSystemMetrics.USER32(0000004E), ref: 00F9A1CC
                                                                                                      • GetSystemMetrics.USER32(0000004F), ref: 00F9A1DA
                                                                                                      • GetSystemMetrics.USER32(00001000), ref: 00F9A2B8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MetricsSystem$Timetime
                                                                                                      • String ID:
                                                                                                      • API String ID: 2145991137-0
                                                                                                      • Opcode ID: 15f5dfdbfa253a758fd45d3feba52035ecfb3db0f0f1346183d001eb47d09e24
                                                                                                      • Instruction ID: 5c658273148c5e59accfcdef8d98e55e22a6ad1958d1445a06f6255e9b9cca16
                                                                                                      • Opcode Fuzzy Hash: 15f5dfdbfa253a758fd45d3feba52035ecfb3db0f0f1346183d001eb47d09e24
                                                                                                      • Instruction Fuzzy Hash: 4B12D672C04B899FDF12DF36C88139AB7A4BF96390F048759FC892B051DB759485EB82
                                                                                                      APIs
                                                                                                      • ClientToScreen.USER32(?,?), ref: 00FD0ADB
                                                                                                      • ClientToScreen.USER32(?,?), ref: 00FD0AEF
                                                                                                      • GetAsyncKeyState.USER32(00000011), ref: 00FD0B89
                                                                                                      • GetAsyncKeyState.USER32(00000010), ref: 00FD0B94
                                                                                                      • Sleep.KERNEL32(000000FA,?,?,?,00000000,?,?,?,?,?,?,?,00FD1920,?), ref: 00FD0BA2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AsyncClientScreenState$Sleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 4187780966-0
                                                                                                      • Opcode ID: 0ae660ad7658a9dcccfcd98ca432d29ebe592f4423d1146ea9ad8c46b4a857bd
                                                                                                      • Instruction ID: 69b0a6f1283a86c1aa499161474f0f39677aa64144aed5e55b57f0a7407544be
                                                                                                      • Opcode Fuzzy Hash: 0ae660ad7658a9dcccfcd98ca432d29ebe592f4423d1146ea9ad8c46b4a857bd
                                                                                                      • Instruction Fuzzy Hash: 69415E75A147058FC744DF28C880A1AB7E1FFC8314F148A6EE889D7351EB34E942DB52
                                                                                                      APIs
                                                                                                      • IsWindow.USER32(?), ref: 00FCA22C
                                                                                                      • GetDlgItem.USER32(?,?), ref: 00FCA248
                                                                                                      • CallWindowProcA.USER32(?,?,?,?,?), ref: 00FCA2CD
                                                                                                      • GetDlgItem.USER32(?,00000000), ref: 00FCA2E6
                                                                                                      • SendMessageA.USER32(?,?,00000000,?), ref: 00FCA337
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ItemWindow$CallMessageProcSend
                                                                                                      • String ID:
                                                                                                      • API String ID: 2403035917-0
                                                                                                      • Opcode ID: 87c0c3742a620a30456a8a76e9cbe66f35d3e6258909a66400032a38245dadfd
                                                                                                      • Instruction ID: 2fc314e63b88cace3e2b13e96bdd22489acb2912b338d38f7f46ead9f30b70f5
                                                                                                      • Opcode Fuzzy Hash: 87c0c3742a620a30456a8a76e9cbe66f35d3e6258909a66400032a38245dadfd
                                                                                                      • Instruction Fuzzy Hash: EF419232B0021A8BD724CF58CA89FAAB3E9EB85724F14851DF446C7255C736FD44EB22
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __controlfp$CriticalEnterSection
                                                                                                      • String ID:
                                                                                                      • API String ID: 591697666-0
                                                                                                      • Opcode ID: 09ecabf895a307fe27fa6045fa76144f10db9b29c226e329614c2f6b944532f5
                                                                                                      • Instruction ID: 11bb63b5515cb76013ea9208f7e03430b7df27366dfdf14927d03f5ab753f9b5
                                                                                                      • Opcode Fuzzy Hash: 09ecabf895a307fe27fa6045fa76144f10db9b29c226e329614c2f6b944532f5
                                                                                                      • Instruction Fuzzy Hash: 3A41D272A002098BCB01EF79DC85A5AB3A4FF95360F14836AFD14DB285EB35D854C7E1
                                                                                                      APIs
                                                                                                      • VariantClear.OLEAUT32(?), ref: 00FC3129
                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 00FC3146
                                                                                                      • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000008,00000000,?,00000002,00000000), ref: 00FC31C3
                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 00FC31E7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AllocByteCharClearMultiStringVariantWidelstrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 3257503732-0
                                                                                                      • Opcode ID: d32dd4dfd9499c4236d14cd40ec3c81518b55871f74b7e71658453d3db34d62b
                                                                                                      • Instruction ID: 201f8bb326d4ec21effb9bd813735f8107d5da037647f6cca305b3fe6b889bda
                                                                                                      • Opcode Fuzzy Hash: d32dd4dfd9499c4236d14cd40ec3c81518b55871f74b7e71658453d3db34d62b
                                                                                                      • Instruction Fuzzy Hash: 58311672E00606ABDB105E648D46FAAB3A4EF54370F18C22DFD15DB241DB39DE0093D1
                                                                                                      APIs
                                                                                                      • CharNextA.USER32(?,00000000,?,?,00000000,00FC501C,00000000,?,00000000), ref: 00FC46A4
                                                                                                      • CharNextA.USER32(00000000,?,00000000,?,?,00000000,00FC501C,00000000,?,00000000), ref: 00FC46B8
                                                                                                      • CharNextA.USER32(00000000,?,00000000,?,?,00000000,00FC501C,00000000,?,00000000), ref: 00FC46C7
                                                                                                      • CharNextA.USER32(00000000,?,00000000,?,?,00000000,00FC501C,00000000,?,00000000), ref: 00FC46CE
                                                                                                      • CharNextA.USER32(?,?,00000000,?,?,00000000,00FC501C,00000000,?,00000000), ref: 00FC470F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CharNext
                                                                                                      • String ID:
                                                                                                      • API String ID: 3213498283-0
                                                                                                      • Opcode ID: 225bbc3ce2b8fd611f851311948a849172361a4ff0a408f52487104e9736c81f
                                                                                                      • Instruction ID: 3ea94ea5a9ba26734fe564760461f23a694ffe8fd544395f3ff1ad8ec62ad382
                                                                                                      • Opcode Fuzzy Hash: 225bbc3ce2b8fd611f851311948a849172361a4ff0a408f52487104e9736c81f
                                                                                                      • Instruction Fuzzy Hash: 8331E5719042828FE7328F38DAA1F65FBE59FA7321F28499DD1C08B24AD735AC41D764
                                                                                                      APIs
                                                                                                      • GetWindowRect.USER32(?,?), ref: 00FA53E5
                                                                                                      • GetSystemMetrics.USER32(00000010), ref: 00FA53FF
                                                                                                      • GetSystemMetrics.USER32(00000011), ref: 00FA5407
                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 00FA541A
                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000,?,?), ref: 00FA54C8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$MetricsRectSystem$Move
                                                                                                      • String ID:
                                                                                                      • API String ID: 923553678-0
                                                                                                      • Opcode ID: da9afedc31871dfebe41a0b673595bc397b6531a39aefd13a826077c8a422f5f
                                                                                                      • Instruction ID: 6e1913675335f683412dc0fc099066cc24307a381505b61494798c9dc7876888
                                                                                                      • Opcode Fuzzy Hash: da9afedc31871dfebe41a0b673595bc397b6531a39aefd13a826077c8a422f5f
                                                                                                      • Instruction Fuzzy Hash: 64319FB2A043219FC714CF3CC99895EBBE5EBC8B14F054A1DFC88A7249D634EA458BD1
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FFD99F: _malloc.LIBCMT ref: 00FFD9B9
                                                                                                      • PropertySheetA.COMCTL32(?,?), ref: 00FBEDB2
                                                                                                      • IsWindow.USER32(00000000), ref: 00FBEDF1
                                                                                                      • IsWindowVisible.USER32(00000000), ref: 00FBEE01
                                                                                                      • PostMessageA.USER32(00000000,00000010,00000000,00000000), ref: 00FBEE17
                                                                                                        • Part of subcall function 00FA6820: IsWindow.USER32(00000000), ref: 00FA683C
                                                                                                        • Part of subcall function 00FA6820: IsWindowVisible.USER32(00000000), ref: 00FA684C
                                                                                                        • Part of subcall function 00FA6820: PostMessageA.USER32(00000000,00000010,00000000,00000000), ref: 00FA6862
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$MessagePostVisible$PropertySheet_malloc
                                                                                                      • String ID:
                                                                                                      • API String ID: 557207101-0
                                                                                                      • Opcode ID: a7224d1e6977f2c2fa77430025cc9cf85ea1cfce18d42045f3c738e30787f084
                                                                                                      • Instruction ID: 61d7c15c4b819e6cb5ce211bdafef7d0e6093ad2dd4990dd3dd5d55e9bdfa883
                                                                                                      • Opcode Fuzzy Hash: a7224d1e6977f2c2fa77430025cc9cf85ea1cfce18d42045f3c738e30787f084
                                                                                                      • Instruction Fuzzy Hash: 533191756006009BD3609F3AD848BA7B7E5BB94310F18892EF982C7684DA7AE9458F61
                                                                                                      APIs
                                                                                                      • SetEvent.KERNEL32(?), ref: 00F6444B
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F64479
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6448C
                                                                                                      • DeleteCriticalSection.KERNEL32(?,00000000), ref: 00F644E4
                                                                                                      • DeleteCriticalSection.KERNEL32 ref: 00F64538
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$DeleteInterlocked$DecrementEnterEventIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2378710175-0
                                                                                                      • Opcode ID: dc8072e9c0aa5f2f414070922c8949b5f69c649f6ab05534fdd31e06a60e5cc5
                                                                                                      • Instruction ID: 1bded020924fe1a0506a70b9a5a00e85f329d53e236bf8fb21a6c00ddadac1ae
                                                                                                      • Opcode Fuzzy Hash: dc8072e9c0aa5f2f414070922c8949b5f69c649f6ab05534fdd31e06a60e5cc5
                                                                                                      • Instruction Fuzzy Hash: 57314F76900354DFCB20AF59D8C575A77A9FF44321F5884AAEC048B60BCB39BC41DB65
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FD3040: InterlockedDecrement.KERNEL32(?), ref: 00FD304A
                                                                                                        • Part of subcall function 00FD3040: DeleteObject.GDI32(?), ref: 00FD30BB
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FC0752
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FC0761
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FC0789
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FC0798
                                                                                                      • DeleteCriticalSection.KERNEL32(?,?,?,?,?,00FC06FA), ref: 00FC07D5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$Decrement$DeleteIncrement$CriticalObjectSection
                                                                                                      • String ID:
                                                                                                      • API String ID: 2346152568-0
                                                                                                      • Opcode ID: c547568458c9883e3dacd94a1c40d6293802d5f8ad4a425a52598fbbed1aaa4b
                                                                                                      • Instruction ID: ebd60b0740c03ae3d6b3952be22e2625d6f9d51836d412c79ca974525a731623
                                                                                                      • Opcode Fuzzy Hash: c547568458c9883e3dacd94a1c40d6293802d5f8ad4a425a52598fbbed1aaa4b
                                                                                                      • Instruction Fuzzy Hash: 00118B72500617ABC6686F64DD86B9AB328FF40310F25822AE988E3501CF3D79526BE1
                                                                                                      APIs
                                                                                                      • InternetCloseHandle.WININET(?), ref: 00F62B23
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      • InternetCloseHandle.WININET(?), ref: 00F62B2D
                                                                                                      • InternetCloseHandle.WININET(?), ref: 00F62B36
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F62B5F
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F62B72
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseHandleInternet$Interlocked$CriticalDecrementEnterIncrementSection
                                                                                                      • String ID:
                                                                                                      • API String ID: 376916703-0
                                                                                                      • Opcode ID: a16ed5b83a0aa1b8c81fdb1f38ca0023b28b89b660a977a6daf3ec0b79e8e5a9
                                                                                                      • Instruction ID: e7fa4ba2c301792059eee6e899c7a7edac9a8b149caf9362587524d388cb8dfe
                                                                                                      • Opcode Fuzzy Hash: a16ed5b83a0aa1b8c81fdb1f38ca0023b28b89b660a977a6daf3ec0b79e8e5a9
                                                                                                      • Instruction Fuzzy Hash: 660129B2911A12AFCB649F6998C4859F7A8FF48320364463AE515E3900C738EDA09BD0
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FA86B0
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FA86BF
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FA86DE
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FA86ED
                                                                                                      • DeleteCriticalSection.KERNEL32 ref: 00FA871B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalDeleteSection
                                                                                                      • String ID:
                                                                                                      • API String ID: 3749696267-0
                                                                                                      • Opcode ID: a97fa4b1d89cb1acb51b58d4d9d95ff6ad8a30e3252fbca0b3a1719fe441aa1f
                                                                                                      • Instruction ID: 2deb59d636a975b96f6ede2e317c16b8aabcb0074d5b807681b6f844bb7a674c
                                                                                                      • Opcode Fuzzy Hash: a97fa4b1d89cb1acb51b58d4d9d95ff6ad8a30e3252fbca0b3a1719fe441aa1f
                                                                                                      • Instruction Fuzzy Hash: 1D01B9B340191697E7211B15DC4576AB754FF463A4F144121E40493B11DFBDED22ABE8
                                                                                                      APIs
                                                                                                      • __getptd.LIBCMT ref: 01004D53
                                                                                                        • Part of subcall function 0100443C: __getptd_noexit.LIBCMT ref: 0100443F
                                                                                                        • Part of subcall function 0100443C: __amsg_exit.LIBCMT ref: 0100444C
                                                                                                      • __amsg_exit.LIBCMT ref: 01004D73
                                                                                                      • __lock.LIBCMT ref: 01004D83
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 01004DA0
                                                                                                      • InterlockedIncrement.KERNEL32(015C1670), ref: 01004DCB
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                      • String ID:
                                                                                                      • API String ID: 4271482742-0
                                                                                                      • Opcode ID: 244607bd35390ccb1231b7c32cb3ee7c6224e9224014d2ba8ec89bbe39627973
                                                                                                      • Instruction ID: d60f1167eceae25e8261cca72012950d1f09eab14f82e5d679780f6634891fc7
                                                                                                      • Opcode Fuzzy Hash: 244607bd35390ccb1231b7c32cb3ee7c6224e9224014d2ba8ec89bbe39627973
                                                                                                      • Instruction Fuzzy Hash: 1C016D7AA01612ABF773BF69A44479D7BA4AF04710F05008BEBD0E76C4CB386941CBD9
                                                                                                      APIs
                                                                                                      • __lock.LIBCMT ref: 00FFD0BB
                                                                                                        • Part of subcall function 01002247: __mtinitlocknum.LIBCMT ref: 0100225D
                                                                                                        • Part of subcall function 01002247: __amsg_exit.LIBCMT ref: 01002269
                                                                                                        • Part of subcall function 01002247: EnterCriticalSection.KERNEL32(?,?,?,0100BEBC,00000004,0103EDD0,0000000C,0100621F,?,?,00000000,00000000,00000000,?,010043EE,00000001), ref: 01002271
                                                                                                      • ___sbh_find_block.LIBCMT ref: 00FFD0C6
                                                                                                      • ___sbh_free_block.LIBCMT ref: 00FFD0D5
                                                                                                      • HeapFree.KERNEL32(00000000,?,0103E838,0000000C,01002228,00000000,0103EB20,0000000C,01002262,?,?,?,0100BEBC,00000004,0103EDD0,0000000C), ref: 00FFD105
                                                                                                      • GetLastError.KERNEL32(?,0100BEBC,00000004,0103EDD0,0000000C,0100621F,?,?,00000000,00000000,00000000,?,010043EE,00000001,00000214), ref: 00FFD116
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                      • String ID:
                                                                                                      • API String ID: 2714421763-0
                                                                                                      • Opcode ID: f87f76334e099231927accbae645fd91de9bdcbcbdda7c5b3fda097610978605
                                                                                                      • Instruction ID: 6998be75cc9efdeb87c836268e2aaa3930066313c957f0a8fe26272f66a22754
                                                                                                      • Opcode Fuzzy Hash: f87f76334e099231927accbae645fd91de9bdcbcbdda7c5b3fda097610978605
                                                                                                      • Instruction Fuzzy Hash: 7A01A232C0421AEAFB317FB09809BAE7B65EF14331F204119F694AA0E4CF7D8941AB54
                                                                                                      APIs
                                                                                                      • EnterCriticalSection.KERNEL32(010C120C), ref: 00FC6069
                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00FC6079
                                                                                                      • LeaveCriticalSection.KERNEL32(010C120C), ref: 00FC6094
                                                                                                      • LeaveCriticalSection.KERNEL32(010C120C), ref: 00FC60B2
                                                                                                      • LeaveCriticalSection.KERNEL32(010C120C), ref: 00FC60CA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$Leave$CurrentEnterThread
                                                                                                      • String ID:
                                                                                                      • API String ID: 2905768538-0
                                                                                                      • Opcode ID: 6f6b7e879d8537561761ae39a33aadbd9d3cdc8efe62ced6f7e6f475fd9b3970
                                                                                                      • Instruction ID: 8617eef9d71788ae492adcc170d47889ac7767659a0081dd719c58da8c37e21d
                                                                                                      • Opcode Fuzzy Hash: 6f6b7e879d8537561761ae39a33aadbd9d3cdc8efe62ced6f7e6f475fd9b3970
                                                                                                      • Instruction Fuzzy Hash: C401A2BEB402118B87309B16F50594D77E2DFCCB22315806EE8D5D7204C639AC518F90
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00FB08A7
                                                                                                        • Part of subcall function 00FBF460: EnterCriticalSection.KERNEL32(010BF268,?,00000000,?,00F9C1BC,?,?,?,00000000,?,00F9C53F,?,?,00000000,?,00000001), ref: 00FBF476
                                                                                                        • Part of subcall function 00FBF460: _malloc.LIBCMT ref: 00FBF4CB
                                                                                                        • Part of subcall function 00FBF460: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF4E3
                                                                                                        • Part of subcall function 00F61420: InterlockedDecrement.KERNEL32(?), ref: 00F6142C
                                                                                                        • Part of subcall function 00F61420: InterlockedIncrement.KERNEL32(?), ref: 00F6143F
                                                                                                        • Part of subcall function 00FAF590: EnterCriticalSection.KERNEL32(00000010,?,00000000,00000000), ref: 00FAF5CE
                                                                                                        • Part of subcall function 00FAF590: InterlockedDecrement.KERNEL32(00000000), ref: 00FAF627
                                                                                                        • Part of subcall function 00FAF590: InterlockedIncrement.KERNEL32(00000000), ref: 00FAF63A
                                                                                                        • Part of subcall function 00FAF590: LeaveCriticalSection.KERNEL32(-00000010), ref: 00FAF657
                                                                                                        • Part of subcall function 00FFD99F: _malloc.LIBCMT ref: 00FFD9B9
                                                                                                        • Part of subcall function 00FD3040: InterlockedDecrement.KERNEL32(?), ref: 00FD304A
                                                                                                        • Part of subcall function 00FD3040: DeleteObject.GDI32(?), ref: 00FD30BB
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00FB08CA
                                                                                                      Strings
                                                                                                      • Collision found! (layer/object names must be unique), xrefs: 00FB146F
                                                                                                      • $, xrefs: 00FB0C4B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$CriticalIncrementSection$Decrement$EnterLeave_malloc$DeleteObject
                                                                                                      • String ID: $$Collision found! (layer/object names must be unique)
                                                                                                      • API String ID: 1814733188-26063040
                                                                                                      • Opcode ID: a87aa826f49821a2df67384801c76c2b2bb2bfb28318a0332a931c25d1475686
                                                                                                      • Instruction ID: f11ceb24aac4f7b264fc7d8d104d8b4c24d6c826210c8dca377d0013a2fe0614
                                                                                                      • Opcode Fuzzy Hash: a87aa826f49821a2df67384801c76c2b2bb2bfb28318a0332a931c25d1475686
                                                                                                      • Instruction Fuzzy Hash: A5227D719083458FD720EF29C881B9FF7E5BF89310F048A2EE99997251EB74A944DF42
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F61250: InterlockedDecrement.KERNEL32(00000000), ref: 00F6126F
                                                                                                        • Part of subcall function 00F61250: InterlockedIncrement.KERNEL32(00000000), ref: 00F6127E
                                                                                                        • Part of subcall function 00F61250: InterlockedIncrement.KERNEL32(00000000), ref: 00F612A0
                                                                                                        • Part of subcall function 00F61250: InterlockedDecrement.KERNEL32(00000000), ref: 00F612AF
                                                                                                        • Part of subcall function 00FB28F0: InterlockedDecrement.KERNEL32(?), ref: 00FB2907
                                                                                                        • Part of subcall function 00FB28F0: InterlockedIncrement.KERNEL32(?), ref: 00FB2916
                                                                                                        • Part of subcall function 00FB28F0: InterlockedDecrement.KERNEL32(?), ref: 00FB2935
                                                                                                        • Part of subcall function 00FB28F0: InterlockedIncrement.KERNEL32(?), ref: 00FB2944
                                                                                                      • _strncmp.LIBCMT ref: 00FB273D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$_strncmp
                                                                                                      • String ID: Property
                                                                                                      • API String ID: 2147874634-1921285768
                                                                                                      • Opcode ID: 83c54e4726cc9cbb2652c004470ee387779c408cf2a5420f0ded67435aae2f2f
                                                                                                      • Instruction ID: 00b638ae4218282844fefa51e9a1ac7acfc407483f96b96ff07b39966741e8ee
                                                                                                      • Opcode Fuzzy Hash: 83c54e4726cc9cbb2652c004470ee387779c408cf2a5420f0ded67435aae2f2f
                                                                                                      • Instruction Fuzzy Hash: B0516932D003445FD361EF26DC913EAB7D6EF85320F54052AF49097152DA2EDA8DEB92
                                                                                                      APIs
                                                                                                      • __startOneArgErrorHandling.LIBCMT ref: 010124CD
                                                                                                        • Part of subcall function 01014570: __87except.LIBCMT ref: 010145AB
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorHandling__87except__start
                                                                                                      • String ID: pow
                                                                                                      • API String ID: 2905807303-2276729525
                                                                                                      • Opcode ID: 92003ea1cd756521d04c960e18fa16cdb09230972186aa47c2925fac89e2152b
                                                                                                      • Instruction ID: 70c26071faef8de16b2b512323d774819c196aea32f0a6139d18067cf6c88f66
                                                                                                      • Opcode Fuzzy Hash: 92003ea1cd756521d04c960e18fa16cdb09230972186aa47c2925fac89e2152b
                                                                                                      • Instruction Fuzzy Hash: AB512971A08202C7DB66AB1CD9603AE7FE4AB44714F248D98E4D6C21BDEF3D8494DB47
                                                                                                      APIs
                                                                                                      • CoCreateInstance.OLE32(01018A0C,00000000,00000001,01018AAC,?,?,?,?,?), ref: 00F873F9
                                                                                                      • VariantInit.OLEAUT32(?), ref: 00F8748D
                                                                                                      • VariantClear.OLEAUT32(?), ref: 00F87506
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: Variant$ClearCreateInitInstance
                                                                                                      • String ID: FriendlyName
                                                                                                      • API String ID: 2276638090-3623505368
                                                                                                      • Opcode ID: a2c0f7f9f8ab81b7cb48a4488b05f185b8db96d11b9ab58bf21e240d5dc0f816
                                                                                                      • Instruction ID: b6203acc0fa724e3cba7ebb569e40daf747e29f4d1706c0fe5f2d64b32068393
                                                                                                      • Opcode Fuzzy Hash: a2c0f7f9f8ab81b7cb48a4488b05f185b8db96d11b9ab58bf21e240d5dc0f816
                                                                                                      • Instruction Fuzzy Hash: D45137B16083019FC310EF69C880DABB7E9AFC8714F14896DF589CB225D635ED45CB61
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: ($6
                                                                                                      • API String ID: 0-4149066357
                                                                                                      • Opcode ID: 1e84fa75b1de5ea6b5d4307df54d6f3937d9764257f510a32ec93785df2e52b0
                                                                                                      • Instruction ID: 17303cfb481bd957759759df17b0fbd7ec2d13efd4132de8c6081abe6dcbece4
                                                                                                      • Opcode Fuzzy Hash: 1e84fa75b1de5ea6b5d4307df54d6f3937d9764257f510a32ec93785df2e52b0
                                                                                                      • Instruction Fuzzy Hash: 0F5102719083549BC310DF24C881A6BFBA4FFA9314F048A1FF59487311E776E548D792
                                                                                                      APIs
                                                                                                      • lstrlenW.KERNEL32(REGISTRY), ref: 00FC41FA
                                                                                                      • _malloc.LIBCMT ref: 00FC424D
                                                                                                      • WideCharToMultiByte.KERNEL32(00000003,00000000,REGISTRY,000000FF,00000008,00000000,00000000,00000000), ref: 00FC4278
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharMultiWide_malloclstrlen
                                                                                                      • String ID: REGISTRY
                                                                                                      • API String ID: 2576735857-194740550
                                                                                                      • Opcode ID: cada4f377ec2658a7f4278116ea299a236942fcb46e68b1fbfec5f8968ec397f
                                                                                                      • Instruction ID: 9556c3f1a635f4f3db41d5aa1980de0fa1d067cd8aeebde938532988b9aebc91
                                                                                                      • Opcode Fuzzy Hash: cada4f377ec2658a7f4278116ea299a236942fcb46e68b1fbfec5f8968ec397f
                                                                                                      • Instruction Fuzzy Hash: BC310772F0021A67DB219AB49E53FEB73A99F54730F14422DFD05DB281E678EC00A2E1
                                                                                                      APIs
                                                                                                      • _printf.LIBCMT ref: 00F86189
                                                                                                        • Part of subcall function 00F873D0: CoCreateInstance.OLE32(01018A0C,00000000,00000001,01018AAC,?,?,?,?,?), ref: 00F873F9
                                                                                                        • Part of subcall function 00F873D0: VariantInit.OLEAUT32(?), ref: 00F8748D
                                                                                                      • _printf.LIBCMT ref: 00F8615E
                                                                                                      Strings
                                                                                                      • setVideoSetting - QueryInterface Error, xrefs: 00F86184
                                                                                                      • setVideoSetting - getDevice Error, xrefs: 00F86159
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: _printf$CreateInitInstanceVariant
                                                                                                      • String ID: setVideoSetting - QueryInterface Error$setVideoSetting - getDevice Error
                                                                                                      • API String ID: 3168655514-3218771215
                                                                                                      • Opcode ID: 3bbef9fee2f3d500d8d72376e6fdaf54947f05fd12af16cbb11379fe44b70de0
                                                                                                      • Instruction ID: 2159269e425dce1a4f5bf2a1517026759c54e49d8937ec64b414f0279c9c4ba7
                                                                                                      • Opcode Fuzzy Hash: 3bbef9fee2f3d500d8d72376e6fdaf54947f05fd12af16cbb11379fe44b70de0
                                                                                                      • Instruction Fuzzy Hash: C0316B72200A04AFD610EA65DC84FA7B3A8FF88714F20861DE24ACB652D735E946DB60
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FD8818
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FD882B
                                                                                                      • InternetCrackUrlA.WININET(00000000,00000001,80000000,?), ref: 00FD8855
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$CrackDecrementIncrementInternet
                                                                                                      • String ID: https
                                                                                                      • API String ID: 3163651207-1056335270
                                                                                                      • Opcode ID: 39ee577140b06a48678b20f796e70ea7b58b9944bd12d0922cc041871d41a25f
                                                                                                      • Instruction ID: ad489bd706a797acd3d58a9ca1b976c0252d48a9bedc93e11a786c0183d3f26b
                                                                                                      • Opcode Fuzzy Hash: 39ee577140b06a48678b20f796e70ea7b58b9944bd12d0922cc041871d41a25f
                                                                                                      • Instruction Fuzzy Hash: B7313933A042415FD7218F24DC84BA7776BEF903A0F5C852BE981C7341EB36D90AA7A0
                                                                                                      APIs
                                                                                                      • CreateWindowExA.USER32(00000080,ytWindow,00000000,84000000,00000058,?,?,?,?,00000000,00000000,00000000), ref: 00FA4E66
                                                                                                      • InterlockedIncrement.KERNEL32(010C709C), ref: 00FA4E89
                                                                                                      • SetWindowLongA.USER32(?,000000EB,00000000), ref: 00FA4E96
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$CreateIncrementInterlockedLong
                                                                                                      • String ID: ytWindow
                                                                                                      • API String ID: 2645208122-4086365346
                                                                                                      • Opcode ID: 23cffa497ed366f139ffc650d0c30821efe8b67af1f4f515cfa28164a60b238b
                                                                                                      • Instruction ID: beb4d204a79abe7ee57ffdfee577f05031ba2d87064851ae021ab1923abdc80e
                                                                                                      • Opcode Fuzzy Hash: 23cffa497ed366f139ffc650d0c30821efe8b67af1f4f515cfa28164a60b238b
                                                                                                      • Instruction Fuzzy Hash: 4431ACB5644340AFD720DFA6DCC4E27BBE8FB8A314F14851DF68647251D2B1B844DBA1
                                                                                                      APIs
                                                                                                      • _printf.LIBCMT ref: 00F860B0
                                                                                                        • Part of subcall function 00F873D0: CoCreateInstance.OLE32(01018A0C,00000000,00000001,01018AAC,?,?,?,?,?), ref: 00F873F9
                                                                                                        • Part of subcall function 00F873D0: VariantInit.OLEAUT32(?), ref: 00F8748D
                                                                                                      • _printf.LIBCMT ref: 00F86088
                                                                                                      Strings
                                                                                                      • setVideoSetting - QueryInterface Error, xrefs: 00F860AB
                                                                                                      • setVideoSetting - getDevice Error, xrefs: 00F86083
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _printf$CreateInitInstanceVariant
                                                                                                      • String ID: setVideoSetting - QueryInterface Error$setVideoSetting - getDevice Error
                                                                                                      • API String ID: 3168655514-3218771215
                                                                                                      • Opcode ID: 7aadef7f0fda51516078936118e74412c7a1238898e9c738cb7a7511f23b802d
                                                                                                      • Instruction ID: 41c3bf33da650d68c3dcd37ff200d97f143e6a6d4463c321762f22b59d730f2a
                                                                                                      • Opcode Fuzzy Hash: 7aadef7f0fda51516078936118e74412c7a1238898e9c738cb7a7511f23b802d
                                                                                                      • Instruction Fuzzy Hash: 9A216D71600B009FD710EAA4D884FA7B3A9BF99314F20455DE286CB261D776F84AEB61
                                                                                                      APIs
                                                                                                      • _rand.LIBCMT ref: 00F710F0
                                                                                                      • EnterCriticalSection.KERNEL32(?,?), ref: 00F7118B
                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 00F711A5
                                                                                                        • Part of subcall function 00F65330: GetTickCount.KERNEL32 ref: 00F65330
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$CountEnterLeaveTick_rand
                                                                                                      • String ID: matrix=1
                                                                                                      • API String ID: 410073765-928389327
                                                                                                      • Opcode ID: 8718a0bcdd4d8e7ef311706e1629ffdfb64ac38b0dfc225b33db2501413e857e
                                                                                                      • Instruction ID: 28577af0bfef298b65adcbbe50cacadadee0a4fefff864fb62e7bb6daf4d8994
                                                                                                      • Opcode Fuzzy Hash: 8718a0bcdd4d8e7ef311706e1629ffdfb64ac38b0dfc225b33db2501413e857e
                                                                                                      • Instruction Fuzzy Hash: CE31C232804B009ED322EF34D81479BF7E8BF85354F04CA1AF5DE62141EB789189DB52
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F674CE
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F674E1
                                                                                                      Strings
                                                                                                      • https://justgetflux.com/winmap.html, xrefs: 00F67470
                                                                                                      • %s?lat=%f&lng=%f, xrefs: 00F67475
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: %s?lat=%f&lng=%f$https://justgetflux.com/winmap.html
                                                                                                      • API String ID: 2172605799-3743363915
                                                                                                      • Opcode ID: 45dce46dc1df168e74999038c4470e20d56fa1d0fd49eb979dabcb5fa81e4b9f
                                                                                                      • Instruction ID: 0d188f42699dc2afd8f6e7298b4217663f16c1e5213ed8f95f27f600f3d2c08a
                                                                                                      • Opcode Fuzzy Hash: 45dce46dc1df168e74999038c4470e20d56fa1d0fd49eb979dabcb5fa81e4b9f
                                                                                                      • Instruction Fuzzy Hash: AD1193325093068BD710FF24D989A6B7BE8FF84718F444869E885D7106DF3DD918A6A2
                                                                                                      APIs
                                                                                                      • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 00FB6C2C
                                                                                                      • GetSystemMetrics.USER32(00000000), ref: 00FB6C43
                                                                                                      • GetSystemMetrics.USER32(00000001), ref: 00FB6C4A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: System$Metrics$InfoParameters
                                                                                                      • String ID: DISPLAY
                                                                                                      • API String ID: 3136151823-865373369
                                                                                                      • Opcode ID: 76f99e11b540f6ee2771e13aaf1e86be678bffe09480bbaff0711a0882a9228e
                                                                                                      • Instruction ID: 7c41ae1abdf87cddd2327f1ab646edf5847bb30baeae2f1b0ff17a0b808a1d71
                                                                                                      • Opcode Fuzzy Hash: 76f99e11b540f6ee2771e13aaf1e86be678bffe09480bbaff0711a0882a9228e
                                                                                                      • Instruction Fuzzy Hash: FC11E7B29107005AC7316E2FCC45AD7BBE4EFD4761F454A2EE8C9D2141EB79D0819B51
                                                                                                      APIs
                                                                                                      • CreateDCA.GDI32(DISPLAY,?,00000000,00000000), ref: 00FBA25B
                                                                                                      • DeleteDC.GDI32(00000000), ref: 00FBA277
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateDelete
                                                                                                      • String ID: DISPLAY$H
                                                                                                      • API String ID: 2606249652-423613333
                                                                                                      • Opcode ID: 914194d7387a8ba6fd80d8ca4024bd6ddb34196c8b6579a4750fb07a02209c95
                                                                                                      • Instruction ID: b5758aba93f48b7330db6f6d5cf13daffaf45a3834e64cbd53e1aa2bd5b81389
                                                                                                      • Opcode Fuzzy Hash: 914194d7387a8ba6fd80d8ca4024bd6ddb34196c8b6579a4750fb07a02209c95
                                                                                                      • Instruction Fuzzy Hash: C011C8716042045BC624DFA9D846BEFB3A8EF85720F00062AF95587291DBB59804DBE3
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FB151D
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FB1530
                                                                                                      Strings
                                                                                                      • Collision found in button label (layer/object names must be unique), xrefs: 00FB1573
                                                                                                      • -label, xrefs: 00FB1540
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: -label$Collision found in button label (layer/object names must be unique)
                                                                                                      • API String ID: 2172605799-211194163
                                                                                                      • Opcode ID: 1d678180f6a25f668e0e77ea0b59c19a733f851a3050b1f3dd391b4961ca659f
                                                                                                      • Instruction ID: d1c03263b1afa9d7ebdd6aca98f21383aba031fb56b50a7fa7e6a81009300c38
                                                                                                      • Opcode Fuzzy Hash: 1d678180f6a25f668e0e77ea0b59c19a733f851a3050b1f3dd391b4961ca659f
                                                                                                      • Instruction Fuzzy Hash: 4B11A3729012016BD630DB62DCA6BAB7398BBC0720F58842DF45787145DB38EA04DBA1
                                                                                                      APIs
                                                                                                      • GetWindow.USER32(?,00000004), ref: 00FA4878
                                                                                                      • SendMessageA.USER32(?,00000010,00000000,00000000), ref: 00FA4903
                                                                                                        • Part of subcall function 00FBF460: EnterCriticalSection.KERNEL32(010BF268,?,00000000,?,00F9C1BC,?,?,?,00000000,?,00F9C53F,?,?,00000000,?,00000001), ref: 00FBF476
                                                                                                        • Part of subcall function 00FBF460: _malloc.LIBCMT ref: 00FBF4CB
                                                                                                        • Part of subcall function 00FBF460: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF4E3
                                                                                                      • GetClassNameA.USER32(?,-00000004), ref: 00FA48D0
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$ClassEnterLeaveMessageNameSendWindow_malloc
                                                                                                      • String ID: ytWindow
                                                                                                      • API String ID: 3386466485-4086365346
                                                                                                      • Opcode ID: 77a7a17a81d096e69b2d26c859020b17115946195a27aab0143abd9f8daa900b
                                                                                                      • Instruction ID: 8e8863b5ece20bd02753068b6f474fb248450fe8e80d62ee578bf7f67c892f8d
                                                                                                      • Opcode Fuzzy Hash: 77a7a17a81d096e69b2d26c859020b17115946195a27aab0143abd9f8daa900b
                                                                                                      • Instruction Fuzzy Hash: 2511E171604301AFE328EB64DC95B6B7798FF81310F04881DF1868B191CBBDE848D7A0
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FA6B50: GetSystemMetrics.USER32(00000017), ref: 00FA6B52
                                                                                                        • Part of subcall function 00FA6B50: GetAsyncKeyState.USER32(00000001), ref: 00FA6B60
                                                                                                      • FindWindowExA.USER32(00000000,00000000,#32768,00000000), ref: 00FD063F
                                                                                                      • PostMessageA.USER32(00000000,00000100,0000000D,011C0001), ref: 00FD065E
                                                                                                      • PostMessageA.USER32(00000000,00000101,0000000D,C11C0001), ref: 00FD066D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessagePost$AsyncFindMetricsStateSystemWindow
                                                                                                      • String ID: #32768
                                                                                                      • API String ID: 4284319192-207879865
                                                                                                      • Opcode ID: 58f0a49281e68968feb7d469c316cd897fd857a7b78b58fd685c5b310aa12631
                                                                                                      • Instruction ID: c7e1325ae24a256eedb48282f9f80a3def991ebdf49c3f520da6269c177f99a1
                                                                                                      • Opcode Fuzzy Hash: 58f0a49281e68968feb7d469c316cd897fd857a7b78b58fd685c5b310aa12631
                                                                                                      • Instruction Fuzzy Hash: 0DF0F632B8121066DA30A656AC46FA67302D791F21F084067FB40EF281C9EB8861AAA5
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32,010019A3), ref: 0100D112
                                                                                                      • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0100D122
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                      • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                      • API String ID: 1646373207-3105848591
                                                                                                      • Opcode ID: ed958955ffc3bdc75d8c1aaed677fa343cba68966cca6af77964264236fc30b7
                                                                                                      • Instruction ID: 8b9c0560de7d43f6d1c59ed6e68768de0b47a47868eb6f55807cdf77d7fc0473
                                                                                                      • Opcode Fuzzy Hash: ed958955ffc3bdc75d8c1aaed677fa343cba68966cca6af77964264236fc30b7
                                                                                                      • Instruction Fuzzy Hash: 5EF03630A00A09E2EF112BE5AC1E6AE7E79BB84745F410594D1D1A10C8DF7981B0C766
                                                                                                      APIs
                                                                                                      • GetParent.USER32(?), ref: 00FC6935
                                                                                                      • GetClassNameA.USER32(00000000,00000008,00000008), ref: 00FC6943
                                                                                                      • lstrcmpA.KERNEL32(?,#32770), ref: 00FC6968
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ClassNameParentlstrcmp
                                                                                                      • String ID: #32770
                                                                                                      • API String ID: 3513268407-463685578
                                                                                                      • Opcode ID: c6b309c6f662bc1b02a61eaa9c4873313962a54eb97397b32932ebd792f337a6
                                                                                                      • Instruction ID: a10af4e4368cac785cefd43e66a23e8d806ba9f982efccbc6ec06b7dac670051
                                                                                                      • Opcode Fuzzy Hash: c6b309c6f662bc1b02a61eaa9c4873313962a54eb97397b32932ebd792f337a6
                                                                                                      • Instruction Fuzzy Hash: 66F054B96143016FC614DF74E946E3B77A4AF98700F40C81DF586C7154EA39D508DB52
                                                                                                      APIs
                                                                                                      • LoadIconA.USER32(00000000,00007F00), ref: 00FA4F82
                                                                                                      • GetStockObject.GDI32(00000000), ref: 00FA4FC3
                                                                                                      • RegisterClassA.USER32(010C1A44), ref: 00FA4FE3
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ClassIconLoadObjectRegisterStock
                                                                                                      • String ID: ytWindow
                                                                                                      • API String ID: 4133655676-4086365346
                                                                                                      • Opcode ID: 0b19f0a7cbf58513f75e2bbd7fc519f1d2e4dac08542d2c540d9b603fdc423de
                                                                                                      • Instruction ID: f3ff68bcd86e12f4bdb2bb3f05117269bb7b644bc246fd96d8ebc5e061b0a035
                                                                                                      • Opcode Fuzzy Hash: 0b19f0a7cbf58513f75e2bbd7fc519f1d2e4dac08542d2c540d9b603fdc423de
                                                                                                      • Instruction Fuzzy Hash: F7F0FFB5809A60DF8375CF5DF8486953BE8B708B00710501FF1C682A0EDBBE5140DF84
                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(shell32.dll,00000000,00000008), ref: 010167C9
                                                                                                      • GetProcAddress.KERNEL32(00000000,SHQueryUserNotificationState), ref: 010167EF
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID: SHQueryUserNotificationState$shell32.dll
                                                                                                      • API String ID: 2574300362-4248467629
                                                                                                      • Opcode ID: f3a44c77894bcf67c297a395c92c3242447b939534f832c2ab66f6946229fa0d
                                                                                                      • Instruction ID: d0f4fbef2fdb0745c30051db4e7a5c086fd809d1094695b68a136cddca1c3f66
                                                                                                      • Opcode Fuzzy Hash: f3a44c77894bcf67c297a395c92c3242447b939534f832c2ab66f6946229fa0d
                                                                                                      • Instruction Fuzzy Hash: 89E0E6755413069FD7676B715C56B093561B750A42F108059F2C19E158EBBE80445F04
                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(dxva2.dll,00000000,00000008), ref: 01016969
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetPhysicalMonitorsFromHMONITOR), ref: 0101698F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID: GetPhysicalMonitorsFromHMONITOR$dxva2.dll
                                                                                                      • API String ID: 2574300362-430524304
                                                                                                      • Opcode ID: 68aa7c4b6bb53083c7e1998427b86eabb02f638f79dd60d332794f8baa2bcacc
                                                                                                      • Instruction ID: e3fa3202716b55289b1b404bc734c6bccf624fb01b4bd6569cfa97e2dd70fafc
                                                                                                      • Opcode Fuzzy Hash: 68aa7c4b6bb53083c7e1998427b86eabb02f638f79dd60d332794f8baa2bcacc
                                                                                                      • Instruction Fuzzy Hash: CCE01271A813055FC6762F7A6C4BF45369AAB80A02F10C01EFAC19E15EDFBD80445F04
                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(dxva2.dll,00000000,00000008), ref: 010169B9
                                                                                                      • GetProcAddress.KERNEL32(00000000,SetMonitorRedGreenOrBlueGain), ref: 010169DF
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID: SetMonitorRedGreenOrBlueGain$dxva2.dll
                                                                                                      • API String ID: 2574300362-483114687
                                                                                                      • Opcode ID: 794f3dbb2b418f865ce76d963cf6d8bfdf6b66cb1f3123271d4c69bfbeb8979d
                                                                                                      • Instruction ID: b89f926ed1aa5aae7f30103ef0e62289940f52c43d25e9df8edcd907cdb02c28
                                                                                                      • Opcode Fuzzy Hash: 794f3dbb2b418f865ce76d963cf6d8bfdf6b66cb1f3123271d4c69bfbeb8979d
                                                                                                      • Instruction Fuzzy Hash: 67E08C71A813005FC7712BB16C0BA083655AB80B02F508C5EB6C28A04CDBBD82005F91
                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(kernel32.dll,00000000,00000008), ref: 01016869
                                                                                                      • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameA), ref: 0101688F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID: QueryFullProcessImageNameA$kernel32.dll
                                                                                                      • API String ID: 2574300362-4191084282
                                                                                                      • Opcode ID: 4cf509ffa2b48b62416275e3a06ce49b2917f7b244fc75b09e6f992a0640f158
                                                                                                      • Instruction ID: 86ce2d97abb9f955e633dcf238cdfccff6b501a531b23bc6c7d245c422d59761
                                                                                                      • Opcode Fuzzy Hash: 4cf509ffa2b48b62416275e3a06ce49b2917f7b244fc75b09e6f992a0640f158
                                                                                                      • Instruction Fuzzy Hash: 78E08CB1A803165ECA762BB96C0AE0136A6AB40B42B10841AF2C28A049DBBE80005F44
                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(dxva2.dll,00000000,00000008), ref: 01016B49
                                                                                                      • GetProcAddress.KERNEL32(00000000,SetMonitorBrightness), ref: 01016B6F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID: SetMonitorBrightness$dxva2.dll
                                                                                                      • API String ID: 2574300362-4031707143
                                                                                                      • Opcode ID: 740bedddf04a3de8caad47a6af2e6f5beb4a3d82cbb86ff550a0426429da262b
                                                                                                      • Instruction ID: 1fdf49beeb2fad8a823970dfe3fca2174c214eb239aba75d166e6de737f77e4f
                                                                                                      • Opcode Fuzzy Hash: 740bedddf04a3de8caad47a6af2e6f5beb4a3d82cbb86ff550a0426429da262b
                                                                                                      • Instruction Fuzzy Hash: E7E08C71A803015EC6722BB2AC8BA413694AB80B02F10C00AB6C18A19DDFBD80425F94
                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(dxva2.dll,00000000,00000008), ref: 01016B99
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetVCPFeatureAndVCPFeatureReply), ref: 01016BBF
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID: GetVCPFeatureAndVCPFeatureReply$dxva2.dll
                                                                                                      • API String ID: 2574300362-2992149948
                                                                                                      • Opcode ID: 963c8f2d2739d79364ac5bcd490f130031950e747c10e0805803f949c85b44c6
                                                                                                      • Instruction ID: ab4ed93fb08e0b2af0e1a33cd3028d5ad8a51c852eed4a39d0bca8bc1160607e
                                                                                                      • Opcode Fuzzy Hash: 963c8f2d2739d79364ac5bcd490f130031950e747c10e0805803f949c85b44c6
                                                                                                      • Instruction Fuzzy Hash: C0E08CB1A813045FCB792BB1AC0BA403A54AB81B02F10909EF6C18D15CDBFD80005F00
                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(dxva2.dll,00000000,00000008), ref: 01016A09
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetMonitorCapabilities), ref: 01016A2F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID: GetMonitorCapabilities$dxva2.dll
                                                                                                      • API String ID: 2574300362-1749667141
                                                                                                      • Opcode ID: 7820cd2c24312083d971f994b2fd10b0279fcdf1a271be8516d86082976d4794
                                                                                                      • Instruction ID: 074742df4c1f92147fc07b4316b7d79b39b27c6661a9edc7d300172ba3a5d799
                                                                                                      • Opcode Fuzzy Hash: 7820cd2c24312083d971f994b2fd10b0279fcdf1a271be8516d86082976d4794
                                                                                                      • Instruction Fuzzy Hash: 5FE08C71A803005FC6712BB26C0BA483695AB84B02F50C40EB6C1A904CDBBD81025F94
                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(dxva2.dll,00000000,00000008), ref: 01016A59
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetMonitorRedGreenOrBlueGain), ref: 01016A7F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID: GetMonitorRedGreenOrBlueGain$dxva2.dll
                                                                                                      • API String ID: 2574300362-4073304217
                                                                                                      • Opcode ID: 2c74536ad901ec4a0dbfc2a0314fcc3e467f702a4a433f352c2bf76034a8af0f
                                                                                                      • Instruction ID: fdce10ddbc0744f9e566af7bcdb868b67efa12eeb67f7ceec1cae2ff816feeb7
                                                                                                      • Opcode Fuzzy Hash: 2c74536ad901ec4a0dbfc2a0314fcc3e467f702a4a433f352c2bf76034a8af0f
                                                                                                      • Instruction Fuzzy Hash: 31E08CB1A81300AEC7712BB16C0BA453694AB84B02F10C04EB6C19904EDBBE84015F08
                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(dxva2.dll,00000000,00000008), ref: 01016AA9
                                                                                                      • GetProcAddress.KERNEL32(00000000,DestroyPhysicalMonitors), ref: 01016ACF
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID: DestroyPhysicalMonitors$dxva2.dll
                                                                                                      • API String ID: 2574300362-493620438
                                                                                                      • Opcode ID: f2c6fd61a77589616ee31b79c5c31949065489436baecd87bdb98e2ce21283df
                                                                                                      • Instruction ID: 203d00a72edfed5f6a51e0e9f2f501190096c5904413f9026c27923b5abd7c58
                                                                                                      • Opcode Fuzzy Hash: f2c6fd61a77589616ee31b79c5c31949065489436baecd87bdb98e2ce21283df
                                                                                                      • Instruction Fuzzy Hash: B6E08C75A80300AECB756BB26C0BA013694AB84B02F10C00AF6C18905EDBBD80445F08
                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(dxva2.dll,00000000,00000008), ref: 01016AF9
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetMonitorBrightness), ref: 01016B1F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID: GetMonitorBrightness$dxva2.dll
                                                                                                      • API String ID: 2574300362-1898006565
                                                                                                      • Opcode ID: a41f976c24f4758976ed6c66ff5da8db52c6510a36515ce0666307dc7f60923d
                                                                                                      • Instruction ID: 3ffd1224e2e4817125fc87575279023efc14131a20bf1b067b4adc2242200199
                                                                                                      • Opcode Fuzzy Hash: a41f976c24f4758976ed6c66ff5da8db52c6510a36515ce0666307dc7f60923d
                                                                                                      • Instruction Fuzzy Hash: 21E08CB1A823056ED7712BB16C8BA103799AB80B06F10844EB6C18905CDBBD80025F40
                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000008), ref: 01016D09
                                                                                                      • GetProcAddress.KERNEL32(00000000,SetMagnificationDesktopColorEffect), ref: 01016D2F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID: SetMagnificationDesktopColorEffect$user32.dll
                                                                                                      • API String ID: 2574300362-985557771
                                                                                                      • Opcode ID: b40232439a273bfae526d534c2008a480db84267ac3418ebcc1ea41486d2caad
                                                                                                      • Instruction ID: 3d3a647654397a0554415da1959412fadecae91c994c3db8a6ff865a92b33d52
                                                                                                      • Opcode Fuzzy Hash: b40232439a273bfae526d534c2008a480db84267ac3418ebcc1ea41486d2caad
                                                                                                      • Instruction Fuzzy Hash: C1E08C72A813085FC7613F726C0BA553A60AB80A02F22800EF6C28D04CDFBD80405F90
                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(mscms.dll,00000000,00000008), ref: 01016DA9
                                                                                                      • GetProcAddress.KERNEL32(00000000,InternalGetAppliedGammaRamp), ref: 01016DCF
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID: InternalGetAppliedGammaRamp$mscms.dll
                                                                                                      • API String ID: 2574300362-4175834546
                                                                                                      • Opcode ID: 4f310201299686de772b0d81ac6d6be7654f1cb9821a03f8feba4e82e889711d
                                                                                                      • Instruction ID: b771afe3c1d2d3cb248622a8f1ce1e99d8ab05b0ba9caa581b338c08a598c8f0
                                                                                                      • Opcode Fuzzy Hash: 4f310201299686de772b0d81ac6d6be7654f1cb9821a03f8feba4e82e889711d
                                                                                                      • Instruction Fuzzy Hash: 0CE0EC76A8130A5EC6A73B766C4BA193665BB81A02F10941FF6C29D14CDFBD80449F04
                                                                                                      APIs
                                                                                                      • LoadLibraryExA.KERNEL32(magnification.dll,00000000,00000008), ref: 01016CB9
                                                                                                      • GetProcAddress.KERNEL32(00000000,MagSetFullscreenColorEffect), ref: 01016CDF
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID: MagSetFullscreenColorEffect$magnification.dll
                                                                                                      • API String ID: 2574300362-2244557342
                                                                                                      • Opcode ID: 66a99f31641479ef0bdb0dd00254231d8641dd38224d3154cb7b8284167f5ad0
                                                                                                      • Instruction ID: b782fcd1dd4153e9dd35ad4b67dfd8c1143882ce54bff8f0bd5fb80bc2c3ea86
                                                                                                      • Opcode Fuzzy Hash: 66a99f31641479ef0bdb0dd00254231d8641dd38224d3154cb7b8284167f5ad0
                                                                                                      • Instruction Fuzzy Hash: A3E0EC76A81309AFC6657B71AD0BF6536A5AB40E12F11805EB6C29914CDBBE81005F54
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4dbd0a19957004c9b69caa28ddd58415b39345c5b6f4d907f7083dfe566654e1
                                                                                                      • Instruction ID: f4b70bae3804bc5ea28811338172228a76b05a535d596ffab34da299dbb7ec10
                                                                                                      • Opcode Fuzzy Hash: 4dbd0a19957004c9b69caa28ddd58415b39345c5b6f4d907f7083dfe566654e1
                                                                                                      • Instruction Fuzzy Hash: 5CA12476818BC58BD720CF2698812ABF7F1BFDA340F109B0EF4D556151EB799488EB42
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: dd024f5665b8ec2a927631ba51ee92861542904d376034f58ec4a6f21f7807ca
                                                                                                      • Instruction ID: 9ea3f24b2c52532ee654c6745680f96633f9b9cee742448ee302cb7657060291
                                                                                                      • Opcode Fuzzy Hash: dd024f5665b8ec2a927631ba51ee92861542904d376034f58ec4a6f21f7807ca
                                                                                                      • Instruction Fuzzy Hash: BCA13476818BC58BD720CF2698812ABF7F1BFDA340F109B0EF4D556151EB799488EB42
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FB2BD5
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FB2BE4
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FB2C99
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FB2CA8
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                        • Part of subcall function 00FBF5A0: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF616
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$CriticalDecrementIncrementSection$EnterLeave
                                                                                                      • String ID:
                                                                                                      • API String ID: 3865869905-0
                                                                                                      • Opcode ID: 4cfda48c8a61cab4692d8470b6fcb73456f95f6e36b740929eb0ee0f3fe70e4b
                                                                                                      • Instruction ID: 308a43bd34af68402871c565d668bc9ab76b4f3108ceac638d27bd70b456808a
                                                                                                      • Opcode Fuzzy Hash: 4cfda48c8a61cab4692d8470b6fcb73456f95f6e36b740929eb0ee0f3fe70e4b
                                                                                                      • Instruction Fuzzy Hash: 3C51D7735042128FD751DF19DC84AEB77D8EF84720F198869EC85D7201DA3AEA09AFE1
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CaptureCursor$LoadRelease
                                                                                                      • String ID:
                                                                                                      • API String ID: 3249524727-0
                                                                                                      • Opcode ID: a6b09874b790a76415e46682d16fed64283b3a699f91dbddb125fac338e6c5e3
                                                                                                      • Instruction ID: df1a5f51a9f03dbbc31ec65d6d0bd512405469196082f84057cadfa5bae464ea
                                                                                                      • Opcode Fuzzy Hash: a6b09874b790a76415e46682d16fed64283b3a699f91dbddb125fac338e6c5e3
                                                                                                      • Instruction Fuzzy Hash: 5861AC30A04B41CFC721CF69C184A2AF7E4BFD8714F148B4EE48AA7291DB74E981CB52
                                                                                                      APIs
                                                                                                      • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,00000000,00000000,000F003F), ref: 00F6259E
                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00F625D1
                                                                                                      • InterlockedIncrement.KERNEL32 ref: 00F625F8
                                                                                                      • InterlockedDecrement.KERNEL32 ref: 00F6260B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$CloseDecrementIncrementQueryValue
                                                                                                      • String ID:
                                                                                                      • API String ID: 3292609818-0
                                                                                                      • Opcode ID: 3257b70523e35df09f28d03dcb69429fffda419ab87f92b677eade5ed281993e
                                                                                                      • Instruction ID: b9dcbdf0cb222cef43cbe376ff2bd8450bc312c113110ab5b2478ebd2d925135
                                                                                                      • Opcode Fuzzy Hash: 3257b70523e35df09f28d03dcb69429fffda419ab87f92b677eade5ed281993e
                                                                                                      • Instruction Fuzzy Hash: 96418EB2A08B419BC7A1DF58CDD096BB3E5AF88710F584D2EF58AD3201D734ED449B92
                                                                                                      APIs
                                                                                                      • _memset.LIBCMT ref: 00F84C41
                                                                                                        • Part of subcall function 00FA8D90: _memset.LIBCMT ref: 00FA8DCF
                                                                                                        • Part of subcall function 00FA8D90: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000000,00000090,?), ref: 00FA8DE5
                                                                                                        • Part of subcall function 00FA8D90: VerSetConditionMask.KERNEL32(00000000,?,00000001,00000003,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00FA8DED
                                                                                                        • Part of subcall function 00FA8D90: VerifyVersionInfoA.KERNEL32(?,00000003,00000000), ref: 00FA8DF8
                                                                                                      • CoCreateInstance.OLE32(0102417C,00000000,00000004,0102E35C,?), ref: 00F84C8D
                                                                                                        • Part of subcall function 00F84E20: DeleteCriticalSection.KERNEL32(00000065,00F84CEF), ref: 00F84E34
                                                                                                      • CoCreateInstance.OLE32(0102417C,00000000,00000004,0102E36C,?), ref: 00F84D29
                                                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 00F84DA7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ConditionCreateCriticalDeleteInstanceMaskSection_memset$InfoVerifyVersion
                                                                                                      • String ID:
                                                                                                      • API String ID: 1793199186-0
                                                                                                      • Opcode ID: a68b7179aa9d703bdb98596e78e45b1a511bca7915e44d3d448e857945418a25
                                                                                                      • Instruction ID: f6df45c6da0401f7ac531ef9eb821b64b93efc1a929155de1e4cd44047a2531d
                                                                                                      • Opcode Fuzzy Hash: a68b7179aa9d703bdb98596e78e45b1a511bca7915e44d3d448e857945418a25
                                                                                                      • Instruction Fuzzy Hash: 095157B26083429FD320EF64D880AABB7E9BFC9304F14894DF29587351D735E809CB52
                                                                                                      APIs
                                                                                                      • __flush.LIBCMT ref: 00FFEC15
                                                                                                      • __fileno.LIBCMT ref: 00FFEC35
                                                                                                      • __locking.LIBCMT ref: 00FFEC3C
                                                                                                      • __flsbuf.LIBCMT ref: 00FFEC67
                                                                                                        • Part of subcall function 00FFFCBC: __getptd_noexit.LIBCMT ref: 00FFFCBC
                                                                                                        • Part of subcall function 01003E8D: __decode_pointer.LIBCMT ref: 01003E98
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                      • String ID:
                                                                                                      • API String ID: 3240763771-0
                                                                                                      • Opcode ID: 19897786509e69570d31ba0f9bf829e855451f69b8e3e3cd3575dab628f819ae
                                                                                                      • Instruction ID: 17af0c5c07e503dd4c014aa2a93b23676e6e38039b897bdeaacef351b57290f5
                                                                                                      • Opcode Fuzzy Hash: 19897786509e69570d31ba0f9bf829e855451f69b8e3e3cd3575dab628f819ae
                                                                                                      • Instruction Fuzzy Hash: C641A432E0060D9FDB25DF6989445BEBBB6AFC0330F248569EA56972B0D770DE41EB40
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FAAAE0: timeGetTime.WINMM(?,?,00FA9CE9), ref: 00FAAAF5
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FD09CB
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FD09E2
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FD0A1D
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FD0A30
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$Timetime
                                                                                                      • String ID:
                                                                                                      • API String ID: 3073828507-0
                                                                                                      • Opcode ID: c6bb22953057452e826b37049eb4688a1292956cb3b1666c23341207515499f9
                                                                                                      • Instruction ID: 14a4ed5f2077ef2b3d86b344ed60a2c0dd68824405f7cbde12276a76a2bcd7c0
                                                                                                      • Opcode Fuzzy Hash: c6bb22953057452e826b37049eb4688a1292956cb3b1666c23341207515499f9
                                                                                                      • Instruction Fuzzy Hash: F0516C72918B419FC320DF2AC88566AF7E4FFD9310F105B2EF5D893291DB789844AB02
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F9CB66
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F9CB7B
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F9CB7E
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F9CB8D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-0
                                                                                                      • Opcode ID: b99022c74c925284982308c4941a57d866b66b21846c8abbf3778267fa78a6f1
                                                                                                      • Instruction ID: c2bf065c9c04eafed88a36cb8413e9a05ee0b4899996ac423f3f5cbeee9e9415
                                                                                                      • Opcode Fuzzy Hash: b99022c74c925284982308c4941a57d866b66b21846c8abbf3778267fa78a6f1
                                                                                                      • Instruction Fuzzy Hash: 7D41B7729047064FDB24DF18CC91A6BB3E5EFD4360F08452DED9597241DB34EA099BD2
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __aulldiv
                                                                                                      • String ID:
                                                                                                      • API String ID: 3732870572-0
                                                                                                      • Opcode ID: 892124b1ecf06ddb61dd8c6ef7793876798b8c99b0afccf076bc5faa57f7f62d
                                                                                                      • Instruction ID: 7f546c88f829d61dff24c356ad13bdda6765827f9a83f84e1d2a4379a89c5fba
                                                                                                      • Opcode Fuzzy Hash: 892124b1ecf06ddb61dd8c6ef7793876798b8c99b0afccf076bc5faa57f7f62d
                                                                                                      • Instruction Fuzzy Hash: 05414A715093509FC344CF69C88096BBBF5EFC9354F484A2EF99893211D235E906DBA2
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F9E42C
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F9E43B
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F9E463
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F9E472
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-0
                                                                                                      • Opcode ID: a2df41175af460fbd40021a33cf197b75b1010654d79321deb09fff8528dc1fd
                                                                                                      • Instruction ID: bacbb67fc875e87ac4052434c8f1eae26af1793031b257666e550f47b430f41a
                                                                                                      • Opcode Fuzzy Hash: a2df41175af460fbd40021a33cf197b75b1010654d79321deb09fff8528dc1fd
                                                                                                      • Instruction Fuzzy Hash: FD418172B01A16ABE768DF28CC85BA6F3A5BF00310F054229D5298B250DB35FC64ABD1
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F62F1F
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F62F32
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F62F8A
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F62F9D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-0
                                                                                                      • Opcode ID: dbcdbc28fe3493851c4565e9b14299772795e2b878e739aa022e296abc38dd26
                                                                                                      • Instruction ID: 5479b4a8a142696c244747b7334190f21391e28643a25e3f87c4977e5d15b254
                                                                                                      • Opcode Fuzzy Hash: dbcdbc28fe3493851c4565e9b14299772795e2b878e739aa022e296abc38dd26
                                                                                                      • Instruction Fuzzy Hash: F231D6776087068FD311CF64D884DABB7A8EFD0361F14892EF880C7211EB39D90997A1
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8EFF8
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8F00D
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F8F010
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F8F01F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-0
                                                                                                      • Opcode ID: ddb18608d28854da0e520e3f7d930df07119823f84fedbeadabfa80bac5235cf
                                                                                                      • Instruction ID: 7ad94c5914cdf3c1db67c5305fd29c5870c7981652cca7bade4e5cbcef81f017
                                                                                                      • Opcode Fuzzy Hash: ddb18608d28854da0e520e3f7d930df07119823f84fedbeadabfa80bac5235cf
                                                                                                      • Instruction Fuzzy Hash: 9921A2326013559FD721EF44DC80FEAB369EF95320F44813AFE809B242DB35D90997A1
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(0000002E), ref: 00F7A56A
                                                                                                      • InterlockedIncrement.KERNEL32(0000002E), ref: 00F7A579
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F7A58F
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F7A59E
                                                                                                        • Part of subcall function 00FFD74D: __wcstoi64.LIBCMT ref: 00FFD759
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$__wcstoi64
                                                                                                      • String ID:
                                                                                                      • API String ID: 1068227719-0
                                                                                                      • Opcode ID: ceadb7821096689a2d556822dc475b96812a82fa47659db3df565c6d0fd39c6e
                                                                                                      • Instruction ID: e506c0575cf2781ca51a8981772616e3347d7d154d150b749d57643752b8768d
                                                                                                      • Opcode Fuzzy Hash: ceadb7821096689a2d556822dc475b96812a82fa47659db3df565c6d0fd39c6e
                                                                                                      • Instruction Fuzzy Hash: 4021AF63B402445BE621AA65AC81B6F734D9FC0720F0E407BFD4CD7241EA2DDE0862A3
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FBF460: EnterCriticalSection.KERNEL32(010BF268,?,00000000,?,00F9C1BC,?,?,?,00000000,?,00F9C53F,?,?,00000000,?,00000001), ref: 00FBF476
                                                                                                        • Part of subcall function 00FBF460: _malloc.LIBCMT ref: 00FBF4CB
                                                                                                        • Part of subcall function 00FBF460: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF4E3
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FD86A4
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FD86B9
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FD86BC
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FD86CB
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$CriticalSection$DecrementEnterIncrement$Leave_malloc
                                                                                                      • String ID:
                                                                                                      • API String ID: 2324998303-0
                                                                                                      • Opcode ID: 4bbb7ec65690cbc26c71f36654e9bdab20ba97aabdafe81ae82ed46a78a4c49b
                                                                                                      • Instruction ID: 1341d66736263d23be627114c918da291bdb0829183b5b9df681b5828b843309
                                                                                                      • Opcode Fuzzy Hash: 4bbb7ec65690cbc26c71f36654e9bdab20ba97aabdafe81ae82ed46a78a4c49b
                                                                                                      • Instruction Fuzzy Hash: 25214C7260A2A117C3119B259C4026ABF96EFCA321F1C45BEF4D4CB346DA3DD90B97A1
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FBF460: EnterCriticalSection.KERNEL32(010BF268,?,00000000,?,00F9C1BC,?,?,?,00000000,?,00F9C53F,?,?,00000000,?,00000001), ref: 00FBF476
                                                                                                        • Part of subcall function 00FBF460: _malloc.LIBCMT ref: 00FBF4CB
                                                                                                        • Part of subcall function 00FBF460: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF4E3
                                                                                                      • _fgets.LIBCMT ref: 00FB2EC3
                                                                                                      • _fgets.LIBCMT ref: 00FB2EFA
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FB2F0B
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FB2F1E
                                                                                                        • Part of subcall function 00F61420: InterlockedDecrement.KERNEL32(?), ref: 00F6142C
                                                                                                        • Part of subcall function 00F61420: InterlockedIncrement.KERNEL32(?), ref: 00F6143F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$CriticalDecrementIncrementSection_fgets$EnterLeave_malloc
                                                                                                      • String ID:
                                                                                                      • API String ID: 3615722824-0
                                                                                                      • Opcode ID: f9f869a295a09eec648607bea1bb4eba5954aaeae3bf48670c9299239c6ad896
                                                                                                      • Instruction ID: 6df2647ff8d20069773226a614487818b37b5c3d61404483aa552329f0ece516
                                                                                                      • Opcode Fuzzy Hash: f9f869a295a09eec648607bea1bb4eba5954aaeae3bf48670c9299239c6ad896
                                                                                                      • Instruction Fuzzy Hash: DC213A337043111BD361AB66AC41ABBB798FF85330F18083AF981C7101EF29D50CAB91
                                                                                                      APIs
                                                                                                      • _memset.LIBCMT ref: 00F6705C
                                                                                                      • LoadStringA.USER32(00000000,00000077,010C1240,00000800), ref: 00F670AB
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F670EC
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F670FF
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$CriticalDecrementEnterIncrementLoadSectionString_memset
                                                                                                      • String ID:
                                                                                                      • API String ID: 889268882-0
                                                                                                      • Opcode ID: e92ca3bcc3beafeeaf143aed2c76a6a5cecd9b1eed7b8584a74aa0487ee45ce7
                                                                                                      • Instruction ID: 002e83859b78930053e2772ce0970eb68da1c09ff42916e5527a2fe5ff172914
                                                                                                      • Opcode Fuzzy Hash: e92ca3bcc3beafeeaf143aed2c76a6a5cecd9b1eed7b8584a74aa0487ee45ce7
                                                                                                      • Instruction Fuzzy Hash: DA31C3B1504345EFDB10DF54C884AEABBA9FF44344F54882EF9848B201C779EA58DF94
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FE468D
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FE46B1
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FE46C4
                                                                                                      • DeleteCriticalSection.KERNEL32(?,?,?,?,?,00FE44D8), ref: 00FE46F2
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                        • Part of subcall function 00FBF5A0: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF616
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalInterlockedSection$Decrement$DeleteEnterIncrementLeave
                                                                                                      • String ID:
                                                                                                      • API String ID: 3384528682-0
                                                                                                      • Opcode ID: 8cb9fd6aaa6abc3608da3fca0bd3afe02da2b9a357aa550039f68da268ce1b89
                                                                                                      • Instruction ID: a364adc98ab3262a15774b44969828c193babbd10560b5006495c63b54a57505
                                                                                                      • Opcode Fuzzy Hash: 8cb9fd6aaa6abc3608da3fca0bd3afe02da2b9a357aa550039f68da268ce1b89
                                                                                                      • Instruction Fuzzy Hash: 1D2186B7C002988FCB207F5ADCC4259B769AF41311B59446EEC009F10ADB39BD44DFA5
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FFD99F: _malloc.LIBCMT ref: 00FFD9B9
                                                                                                      • InitializeCriticalSection.KERNEL32(0000001C,00F6A1F3), ref: 00F8501F
                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 00F85036
                                                                                                      • _memset.LIBCMT ref: 00F850B0
                                                                                                      • _memset.LIBCMT ref: 00F850BF
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _memset$CreateCriticalEventInitializeSection_malloc
                                                                                                      • String ID:
                                                                                                      • API String ID: 3060630302-0
                                                                                                      • Opcode ID: 73e412cd0eadc568dac46998db4485a3a6fa4c9e8662c83f480d79e132202814
                                                                                                      • Instruction ID: 618231ac6fc0f833f75bbf0eca45ae603e1dec6c45460ba2f745f771135f0fe4
                                                                                                      • Opcode Fuzzy Hash: 73e412cd0eadc568dac46998db4485a3a6fa4c9e8662c83f480d79e132202814
                                                                                                      • Instruction Fuzzy Hash: DC31E3B2845F819FD321CF6A8890582FBF5BF297047848A2EE1DA83A51D7B4E184CB55
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F9C643
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F9C658
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F9C65B
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F9C66A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-0
                                                                                                      • Opcode ID: 7d1cb59831b86506acedcdffd221d2bd515d4ed3eed99c01b8aa9606aed4936c
                                                                                                      • Instruction ID: 7bb2a3a7a8d19bcec2bff1c6096183b1daf466c1d1ce43a63f631498dc223d00
                                                                                                      • Opcode Fuzzy Hash: 7d1cb59831b86506acedcdffd221d2bd515d4ed3eed99c01b8aa9606aed4936c
                                                                                                      • Instruction Fuzzy Hash: F611E5737022155AE620AE19EC40ABFF758EFD5361F10863BF845C7100CA2AD9099BE5
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _memset
                                                                                                      • String ID:
                                                                                                      • API String ID: 2102423945-0
                                                                                                      • Opcode ID: 848e03eda1150d20ebde199c6720053a74d42c8e7140e2d8868cb8d1afe3fccf
                                                                                                      • Instruction ID: 97a515570dd3eb317d16ab2b449ee5b9aea24ecb4913039b53276ebd88d3d550
                                                                                                      • Opcode Fuzzy Hash: 848e03eda1150d20ebde199c6720053a74d42c8e7140e2d8868cb8d1afe3fccf
                                                                                                      • Instruction Fuzzy Hash: 62112974B4438229F31263311CAFBEA37825B92B80F2C09BEE4D6CF683D8C5518A5647
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32 ref: 00F9C6A4
                                                                                                      • InterlockedIncrement.KERNEL32 ref: 00F9C6B7
                                                                                                      • GetWindowTextLengthA.USER32(00000000), ref: 00F9C6D1
                                                                                                      • GetWindowTextA.USER32(00000000,?,00000001), ref: 00F9C70E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InterlockedTextWindow$DecrementIncrementLength
                                                                                                      • String ID:
                                                                                                      • API String ID: 1915545421-0
                                                                                                      • Opcode ID: 671312b1de3f4dfe3396347117b9b3200929fed01f45ac4d510d6f289cf1f14d
                                                                                                      • Instruction ID: a3ef14f8d47f62cd6670f89fd1da8bb26998d6f53adf16ea1668b42eb64cd885
                                                                                                      • Opcode Fuzzy Hash: 671312b1de3f4dfe3396347117b9b3200929fed01f45ac4d510d6f289cf1f14d
                                                                                                      • Instruction Fuzzy Hash: 5911E5335012209FEB209B58EC84B57B79CEF46761F548176F646AB105C738A8059BE5
                                                                                                      APIs
                                                                                                      • inet_addr.WSOCK32(00000000,?,?,?,?,?,?,00000000), ref: 00F8EC50
                                                                                                      • htons.WSOCK32(?,?,?,?,?,?,?,00000000), ref: 00F8EC5F
                                                                                                      • socket.WSOCK32(00000002,00000001,00000000,?,?,?,?,?,?,00000000), ref: 00F8EC70
                                                                                                      • connect.WSOCK32(00000000,?,00000010,?,?,?,?,?,?,00000000), ref: 00F8EC85
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: connecthtonsinet_addrsocket
                                                                                                      • String ID:
                                                                                                      • API String ID: 2760923787-0
                                                                                                      • Opcode ID: a5e8fa46a2c5945118b097f2641d54708955e719875ef78aa5e9eed6291ef0e4
                                                                                                      • Instruction ID: 3ebc73a224fb24f3bcde34841114b43c803f4f68b768526b54d50e2d1bc1f402
                                                                                                      • Opcode Fuzzy Hash: a5e8fa46a2c5945118b097f2641d54708955e719875ef78aa5e9eed6291ef0e4
                                                                                                      • Instruction Fuzzy Hash: 67119DB0E047019BEB24AF38DA4A76B76E4FF99710F448A1EF486C6190E778D904DB12
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                      • String ID:
                                                                                                      • API String ID: 3016257755-0
                                                                                                      • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                      • Instruction ID: 1dd41975ad33bb3e165a6dc34971bf7df2f8300488b3762b8184996124dc0866
                                                                                                      • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                      • Instruction Fuzzy Hash: BD117E3240018ABBEF639ED8CC01DEE3F72BB58294F498554FA9858170C232C5B2AB91
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FB2907
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FB2916
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00FB2935
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00FB2944
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-0
                                                                                                      • Opcode ID: 07b31b26698e18faa56ef67edb953aaa40760d36adf8512ef61bafa68a36c6c4
                                                                                                      • Instruction ID: af2d65387e0858fa87c1a02b993cd092381837dbb0664eea3dd1a40e59927348
                                                                                                      • Opcode Fuzzy Hash: 07b31b26698e18faa56ef67edb953aaa40760d36adf8512ef61bafa68a36c6c4
                                                                                                      • Instruction Fuzzy Hash: E9F0AFB3502A226BD6726A02DC817EAF358FF00724F048161D818A7900CB2DF920BBE8
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(6E657265), ref: 00F62AA7
                                                                                                      • InterlockedIncrement.KERNEL32(6E657265), ref: 00F62AB6
                                                                                                      • InterlockedDecrement.KERNEL32(66657250), ref: 00F62AD5
                                                                                                      • InterlockedIncrement.KERNEL32(66657250), ref: 00F62AE4
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-0
                                                                                                      • Opcode ID: 07b31b26698e18faa56ef67edb953aaa40760d36adf8512ef61bafa68a36c6c4
                                                                                                      • Instruction ID: 65126759f25d75596a85392df838b7f92ab0ec2fec07043a36cc632a746d0eaf
                                                                                                      • Opcode Fuzzy Hash: 07b31b26698e18faa56ef67edb953aaa40760d36adf8512ef61bafa68a36c6c4
                                                                                                      • Instruction Fuzzy Hash: A0F0C2B3A42E226BD6B19B55CC817AAF368FF00720F088161D814A7600CB6DF920B7E4
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F63327
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F63336
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F63355
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F63364
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-0
                                                                                                      • Opcode ID: 07b31b26698e18faa56ef67edb953aaa40760d36adf8512ef61bafa68a36c6c4
                                                                                                      • Instruction ID: a49e17d44c0856a29d26d0216e6a3836c2d980b96242d2641f438afa4686db5c
                                                                                                      • Opcode Fuzzy Hash: 07b31b26698e18faa56ef67edb953aaa40760d36adf8512ef61bafa68a36c6c4
                                                                                                      • Instruction Fuzzy Hash: B1F062B3902A226BDB315B15DC827AAF358FF01724F158161D814E7601DF2DFA60A7E8
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F6126F
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F6127E
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00F612A0
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00F612AF
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID:
                                                                                                      • API String ID: 2172605799-0
                                                                                                      • Opcode ID: 08278c28ad87635a15f9438b011c413ea3ac5e58ee6597d04bc6ae59aea97984
                                                                                                      • Instruction ID: e81adc7cc6e264e26abeed2dbb51a6e54b2d7b4e9bc38c0496af17038eaa4e22
                                                                                                      • Opcode Fuzzy Hash: 08278c28ad87635a15f9438b011c413ea3ac5e58ee6597d04bc6ae59aea97984
                                                                                                      • Instruction Fuzzy Hash: 6BF062739026265BD6619B14DC90BAAB368FF05714F1C4122ED40E7214CB2DEE54A7E5
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F63276
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6328B
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6328E
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6329D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalEnterSection
                                                                                                      • String ID:
                                                                                                      • API String ID: 880407097-0
                                                                                                      • Opcode ID: bcdfc9046653ee97d033055629c0bedbfb5a5f5a03b1b6ea1380b898439f0abe
                                                                                                      • Instruction ID: 988af292d8ca68e56370c9a41d92d75cb3794eeba38c460e8a4a9807f4ca5e81
                                                                                                      • Opcode Fuzzy Hash: bcdfc9046653ee97d033055629c0bedbfb5a5f5a03b1b6ea1380b898439f0abe
                                                                                                      • Instruction Fuzzy Hash: 1DF0B43320262517C221AA09EC41AAFB34CDFD6722F008137F940D2105CB2DDA0956B6
                                                                                                      APIs
                                                                                                      • _memset.LIBCMT ref: 00FA8DCF
                                                                                                      • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000000,00000090,?), ref: 00FA8DE5
                                                                                                      • VerSetConditionMask.KERNEL32(00000000,?,00000001,00000003,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00FA8DED
                                                                                                      • VerifyVersionInfoA.KERNEL32(?,00000003,00000000), ref: 00FA8DF8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: ConditionMask$InfoVerifyVersion_memset
                                                                                                      • String ID:
                                                                                                      • API String ID: 3299124433-0
                                                                                                      • Opcode ID: b849a2969eb7a96f0515aeefaa3a1902275a3e577579aec9a982542afb5c6a17
                                                                                                      • Instruction ID: d26334982142009cf2fc912ec71a57a27f917655f202c003cc783ac4889ed46c
                                                                                                      • Opcode Fuzzy Hash: b849a2969eb7a96f0515aeefaa3a1902275a3e577579aec9a982542afb5c6a17
                                                                                                      • Instruction Fuzzy Hash: D30131B1654704AFF220EF249D46FA77B98DB84B10F004509BA985A1C1D6B556088BE7
                                                                                                      APIs
                                                                                                      • GetSystemPowerStatus.KERNEL32 ref: 00FA8FED
                                                                                                      • InterlockedIncrement.KERNEL32(010C70C0), ref: 00FA9015
                                                                                                      • SetThreadExecutionState.KERNEL32(80000041), ref: 00FA902D
                                                                                                      • SetThreadExecutionState.KERNEL32(80000000), ref: 00FA903F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Similarity
                                                                                                      • API ID: ExecutionStateThread$IncrementInterlockedPowerStatusSystem
                                                                                                      • String ID:
                                                                                                      • API String ID: 4129750793-0
                                                                                                      • Opcode ID: 5995b06eb54eec61e7ee50e5c76242eb77a50eb5047e3c698dfdf6e5acf39b1f
                                                                                                      • Instruction ID: ca7913986fb60ba503f589b82718d3b54c0543b25b6a434f4f14a292e4743428
                                                                                                      • Opcode Fuzzy Hash: 5995b06eb54eec61e7ee50e5c76242eb77a50eb5047e3c698dfdf6e5acf39b1f
                                                                                                      • Instruction Fuzzy Hash: 76F0A474A482406AD7115770A9043967BA06F63755F14CA2EFCC443141D3AE854CE752
                                                                                                      APIs
                                                                                                      • LoadCursorA.USER32(?,00007F01), ref: 00FD67AA
                                                                                                      • SetCursor.USER32(00000000,?,00007F01,00FD6C04,?,?), ref: 00FD67B1
                                                                                                      • LoadCursorA.USER32(00000000,000000C1), ref: 00FD67E5
                                                                                                      • SetCursor.USER32(00000000), ref: 00FD67EC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Cursor$Load
                                                                                                      • String ID:
                                                                                                      • API String ID: 1675784387-0
                                                                                                      • Opcode ID: 520bfbcdf3c96d085ac816deb4ed3e4c03ce1e37ebe28447653fb46fba7ebc7e
                                                                                                      • Instruction ID: 772766d9c19baf3d43a69f22730a3c7cd9067428802c4a8a2cc425b961320dbe
                                                                                                      • Opcode Fuzzy Hash: 520bfbcdf3c96d085ac816deb4ed3e4c03ce1e37ebe28447653fb46fba7ebc7e
                                                                                                      • Instruction Fuzzy Hash: 010112B490A2C09FEB11D3746D5DFA93F853F16319F0D49FAE2898B357CD6A1048A721
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FF0E17
                                                                                                      • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,?,?,00F6B7C2,?), ref: 00FF0E3A
                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,00F6B7C2,?), ref: 00FF0E56
                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,00F6B7C2,?), ref: 00FF0E67
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseHandle$DecrementFileInterlockedUnmapView
                                                                                                      • String ID:
                                                                                                      • API String ID: 2072984871-0
                                                                                                      • Opcode ID: 4027104ca2737af63202a1fbfea8d9ccf524aa2501d94f5f7ea2f53f322d4ca0
                                                                                                      • Instruction ID: 7e7f32a5705d74ae5d6ada13bd96243a1a42cc8c6e3d7c5c3a28d6bce7fc3411
                                                                                                      • Opcode Fuzzy Hash: 4027104ca2737af63202a1fbfea8d9ccf524aa2501d94f5f7ea2f53f322d4ca0
                                                                                                      • Instruction Fuzzy Hash: 69F03AB5A007058BEB309F6AD948B27F3ECAF00750F108C19EE95C3261EB78E940CB20
                                                                                                      APIs
                                                                                                      • IsWindow.USER32(00000000), ref: 00FA683C
                                                                                                      • IsWindowVisible.USER32(00000000), ref: 00FA684C
                                                                                                      • PostMessageA.USER32(00000000,00000010,00000000,00000000), ref: 00FA6862
                                                                                                      • PostMessageA.USER32(00000000,00000010,00000000,00000000), ref: 00FA6870
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessagePostWindow$Visible
                                                                                                      • String ID:
                                                                                                      • API String ID: 2246049238-0
                                                                                                      • Opcode ID: da5e72deff8b41fdb8b32fa4c1723934b08e647272134aaf75178fc3841b13de
                                                                                                      • Instruction ID: bffa6cce9a71c9f2e58d75dcee2ea9e0d33e0b678d2066515c4af63f2c0092d5
                                                                                                      • Opcode Fuzzy Hash: da5e72deff8b41fdb8b32fa4c1723934b08e647272134aaf75178fc3841b13de
                                                                                                      • Instruction Fuzzy Hash: 32F01CB4F40201AFEF308B73AD4CB2237ACAB01710F1C8419B585D60D8CA6EDA80DF65
                                                                                                      APIs
                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00FC32AA
                                                                                                      • EnterCriticalSection.KERNEL32(010C120C), ref: 00FC32B8
                                                                                                      • LeaveCriticalSection.KERNEL32(010C120C), ref: 00FC32D1
                                                                                                      • RaiseException.KERNEL32(C0000005,00000001,00000000,00000000), ref: 00FC32E3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$CurrentEnterExceptionLeaveRaiseThread
                                                                                                      • String ID:
                                                                                                      • API String ID: 2662421713-0
                                                                                                      • Opcode ID: 7abbb5e67435a01179c9b430dcc3ce5168c3476c8c4677e3931b7e1078c7559a
                                                                                                      • Instruction ID: bd9bf307a5c4187e213b7338443726f184f9592819497f6ca2bed6df5bbd5516
                                                                                                      • Opcode Fuzzy Hash: 7abbb5e67435a01179c9b430dcc3ce5168c3476c8c4677e3931b7e1078c7559a
                                                                                                      • Instruction Fuzzy Hash: 28E0EDF4A41701ABDA304F61AA49B9936A5A708B12F10C50DE9D5DA144C6799550CF14
                                                                                                      APIs
                                                                                                      • ReleaseCapture.USER32 ref: 00FA52F0
                                                                                                      • GetSystemMetrics.USER32(00000017), ref: 00FA52F8
                                                                                                      • GetAsyncKeyState.USER32(00000001), ref: 00FA5306
                                                                                                      • SendMessageA.USER32(?,00000112,0000F012,00000000), ref: 00FA5330
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AsyncCaptureMessageMetricsReleaseSendStateSystem
                                                                                                      • String ID:
                                                                                                      • API String ID: 861949510-0
                                                                                                      • Opcode ID: 2973ab767c53dc38cce885e12e63c5132e0484f2f2ea280d66950674a686f90e
                                                                                                      • Instruction ID: ddbf36e102a4cedc57eea386447643371f899c0143a165e4a11482e9a90845c1
                                                                                                      • Opcode Fuzzy Hash: 2973ab767c53dc38cce885e12e63c5132e0484f2f2ea280d66950674a686f90e
                                                                                                      • Instruction Fuzzy Hash: 6EE026702D02059BEA205770C90DF6A7268FB54B41F40C625BB92CA1C6DEBC8C00A714
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __localtime64__time64
                                                                                                      • String ID: Sunset
                                                                                                      • API String ID: 3099643277-3360082107
                                                                                                      • Opcode ID: 901399aaa6ea8f7fe8b78f7fb39f46d324def28a28a1af0f4c8e657ce9c33267
                                                                                                      • Instruction ID: 01e332d7712b8f067f4b176c54633b4117beb855e2fe326fc6c90a3ac33a8f9c
                                                                                                      • Opcode Fuzzy Hash: 901399aaa6ea8f7fe8b78f7fb39f46d324def28a28a1af0f4c8e657ce9c33267
                                                                                                      • Instruction Fuzzy Hash: D302A531C19F858ED223EA36845169AF7A5BFEB6C0F04CB0BF88676051EB3554D5DB02
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FC4CF0: lstrlenA.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00FC4FF5), ref: 00FC4D23
                                                                                                        • Part of subcall function 00FC4CF0: CharNextA.USER32(?,?,00000000,?,?,?,?,?,?,?,?,?,?,00FC4FF5,?,00000000), ref: 00FC4DBA
                                                                                                        • Part of subcall function 00FC4CF0: CharNextA.USER32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00FC4FF5), ref: 00FC4DC0
                                                                                                        • Part of subcall function 00FC4CF0: CharNextA.USER32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00FC4FF5), ref: 00FC4DC6
                                                                                                        • Part of subcall function 00FC4CF0: CharNextA.USER32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00FC4FF5), ref: 00FC4DCC
                                                                                                        • Part of subcall function 00FC4CF0: CharNextA.USER32 ref: 00FC4E9C
                                                                                                        • Part of subcall function 00FC4CF0: CharNextA.USER32(00000000), ref: 00FC4EA9
                                                                                                      • lstrcmpiA.KERNEL32(?), ref: 00FC503D
                                                                                                      • CoTaskMemFree.OLE32(00000000,?,00000000), ref: 00FC50B7
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CharNext$FreeTasklstrcmpilstrlen
                                                                                                      • String ID: {
                                                                                                      • API String ID: 578241257-366298937
                                                                                                      • Opcode ID: e7790bd5f3ba7762f5854c9c8471f9d63f6f55b9c48491bb2eb1ef2347e696aa
                                                                                                      • Instruction ID: 01d030b0d5f1157d6d6c71551d52597e38bb465a98e69c45f4e4bb8151b7b4a0
                                                                                                      • Opcode Fuzzy Hash: e7790bd5f3ba7762f5854c9c8471f9d63f6f55b9c48491bb2eb1ef2347e696aa
                                                                                                      • Instruction Fuzzy Hash: BB31C572244A035BD311DA189D92F6BB3E9ABC4B50F14081DB585C7240EB78ED85A7E2
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00FB0798
                                                                                                      Strings
                                                                                                      • Collision found! (layer/object names must be unique), xrefs: 00FB146F
                                                                                                      • Need argument for decrect (filename/layername), xrefs: 00FB0716
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: IncrementInterlocked
                                                                                                      • String ID: Collision found! (layer/object names must be unique)$Need argument for decrect (filename/layername)
                                                                                                      • API String ID: 3508698243-1587955763
                                                                                                      • Opcode ID: 43cd8c9f865615da58951e3635f83dfdccd9233ac8e84cf730644b5413e3711e
                                                                                                      • Instruction ID: 1faadb7d837ff27767d4e404bf0c4930504dceb8d4def8bd2e5a9cac983c565a
                                                                                                      • Opcode Fuzzy Hash: 43cd8c9f865615da58951e3635f83dfdccd9233ac8e84cf730644b5413e3711e
                                                                                                      • Instruction Fuzzy Hash: 634181B1A043408BD730EF65DC92B9FB3E4AF85714F54482DB58A87242EF74A908DF92
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FFD99F: _malloc.LIBCMT ref: 00FFD9B9
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FA45AB
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FA45BE
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$CriticalDecrementEnterIncrementSection_malloc
                                                                                                      • String ID: f.lux test
                                                                                                      • API String ID: 1944140780-2480869040
                                                                                                      • Opcode ID: 7132e5a6ad6ea606d8735bf995c82b9a7613ab03837f82747c9f842b3ba30942
                                                                                                      • Instruction ID: 1e98c085702d5f6e03647af833bab57647325e6ade4287abee52f15cf5f47976
                                                                                                      • Opcode Fuzzy Hash: 7132e5a6ad6ea606d8735bf995c82b9a7613ab03837f82747c9f842b3ba30942
                                                                                                      • Instruction Fuzzy Hash: EF41FBB28053899FCB20DF6A88805DEBBE4BF99304F98462EF85897201C774D645DB95
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(010C7098), ref: 00FB0562
                                                                                                        • Part of subcall function 00FBF460: EnterCriticalSection.KERNEL32(010BF268,?,00000000,?,00F9C1BC,?,?,?,00000000,?,00F9C53F,?,?,00000000,?,00000001), ref: 00FBF476
                                                                                                        • Part of subcall function 00FBF460: _malloc.LIBCMT ref: 00FBF4CB
                                                                                                        • Part of subcall function 00FBF460: LeaveCriticalSection.KERNEL32(010BF268), ref: 00FBF4E3
                                                                                                      Strings
                                                                                                      • Collision found! (layer/object names must be unique), xrefs: 00FB146F
                                                                                                      • Can't load child PSD file., xrefs: 00FB0620
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterIncrementInterlockedLeave_malloc
                                                                                                      • String ID: Can't load child PSD file.$Collision found! (layer/object names must be unique)
                                                                                                      • API String ID: 2088154071-498357870
                                                                                                      • Opcode ID: fc4286696aa5e42e8c887b2468c57fc16241acff69c9cae80bde66d93c06067a
                                                                                                      • Instruction ID: 1e5aeac02159ee5517cd37ac7927def25a63835696228ab5d2e6d5c7fa6181ff
                                                                                                      • Opcode Fuzzy Hash: fc4286696aa5e42e8c887b2468c57fc16241acff69c9cae80bde66d93c06067a
                                                                                                      • Instruction Fuzzy Hash: 91312C71A003018BD710EF36ED52AA773A5AFD6750F084629F846A7153FB34ED58EA22
                                                                                                      APIs
                                                                                                        • Part of subcall function 00FB46A0: InterlockedIncrement.KERNEL32(00000000), ref: 00FB46EC
                                                                                                        • Part of subcall function 00FB46A0: InterlockedDecrement.KERNEL32(00000000), ref: 00FB46FB
                                                                                                        • Part of subcall function 00FB46A0: InterlockedDecrement.KERNEL32(00000000), ref: 00FB4724
                                                                                                        • Part of subcall function 00FB46A0: InterlockedIncrement.KERNEL32(00000000), ref: 00FB4733
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F6D164
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F6D177
                                                                                                        • Part of subcall function 00F61250: InterlockedDecrement.KERNEL32(00000000), ref: 00F6126F
                                                                                                        • Part of subcall function 00F61250: InterlockedIncrement.KERNEL32(00000000), ref: 00F6127E
                                                                                                        • Part of subcall function 00F61250: InterlockedIncrement.KERNEL32(00000000), ref: 00F612A0
                                                                                                        • Part of subcall function 00F61250: InterlockedDecrement.KERNEL32(00000000), ref: 00F612AF
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: flux/wtime
                                                                                                      • API String ID: 2172605799-1305191212
                                                                                                      • Opcode ID: 12d772dedbb23dc17636dbad4229145d294bccabfe85a642460233caa375f734
                                                                                                      • Instruction ID: b64651519c6c27f9e8f6d6147d96c32feaa0bbff8dec86809ce8797e1bb032e8
                                                                                                      • Opcode Fuzzy Hash: 12d772dedbb23dc17636dbad4229145d294bccabfe85a642460233caa375f734
                                                                                                      • Instruction Fuzzy Hash: 4231C771B047018BD710BF34CC8179BB3E4AF85714F044A79FC89AB246DB78D9499BA6
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00FBE0D3
                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 00FBE0E6
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: <add something>
                                                                                                      • API String ID: 2172605799-4133381648
                                                                                                      • Opcode ID: fb48fe457059bab7bbf5548f6c455d1d03069f250c3317202e26751c10375881
                                                                                                      • Instruction ID: 957df1a384cea20a1efac9aac97ddaf3ff5e2c4037bbe334fb67816763b64f88
                                                                                                      • Opcode Fuzzy Hash: fb48fe457059bab7bbf5548f6c455d1d03069f250c3317202e26751c10375881
                                                                                                      • Instruction Fuzzy Hash: FA215E716047019FD720EF26D885BDBB7E8EF84364F04882DE999C7241D779E9089FA2
                                                                                                      APIs
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F848B8
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F848CB
                                                                                                        • Part of subcall function 00F61250: InterlockedDecrement.KERNEL32(00000000), ref: 00F6126F
                                                                                                        • Part of subcall function 00F61250: InterlockedIncrement.KERNEL32(00000000), ref: 00F6127E
                                                                                                        • Part of subcall function 00F61250: InterlockedIncrement.KERNEL32(00000000), ref: 00F612A0
                                                                                                        • Part of subcall function 00F61250: InterlockedDecrement.KERNEL32(00000000), ref: 00F612AF
                                                                                                        • Part of subcall function 00FBF5A0: EnterCriticalSection.KERNEL32(010BF268,00F6128D,?,?,?,00000000,00000000,00F6251A,?,00000000,00000000,000F003F), ref: 00FBF5AE
                                                                                                      Strings
                                                                                                      • %dK LED-backlit display, xrefs: 00F84841
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement$CriticalEnterSection
                                                                                                      • String ID: %dK LED-backlit display
                                                                                                      • API String ID: 880407097-625857419
                                                                                                      • Opcode ID: 546b64988a04570c7b548dafc378642570ffe03501d43dde73e49bcd546a0815
                                                                                                      • Instruction ID: 8014d495ae8d1e120bd655718d721edfd73df54dcbd05001c740f37a59484ab0
                                                                                                      • Opcode Fuzzy Hash: 546b64988a04570c7b548dafc378642570ffe03501d43dde73e49bcd546a0815
                                                                                                      • Instruction Fuzzy Hash: 191106366006114BD611BB24EC867DA7394EF81366F040439FC44DB101DB3DAA0DA3F2
                                                                                                      APIs
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00F9075E
                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00F90771
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement
                                                                                                      • String ID: while(1);
                                                                                                      • API String ID: 2172605799-4100800815
                                                                                                      • Opcode ID: f23a21b7d2faa1312cd4ad8cb96c23bf29f7017932750a389bae4ca9fa3391ef
                                                                                                      • Instruction ID: b6b2d0cae761097e665d13d46bffe0420db734d9e751cf39caa0bf81e4df8733
                                                                                                      • Opcode Fuzzy Hash: f23a21b7d2faa1312cd4ad8cb96c23bf29f7017932750a389bae4ca9fa3391ef
                                                                                                      • Instruction Fuzzy Hash: 0501F176A002229FFF315B689C44BBA7798DF01771F090064FC84E7201EB29ED05ABD2
                                                                                                      APIs
                                                                                                        • Part of subcall function 00F7E8C0: _memset.LIBCMT ref: 00F7E94C
                                                                                                        • Part of subcall function 00F7E8C0: __snprintf.LIBCMT ref: 00F7E969
                                                                                                        • Part of subcall function 00F7E8C0: InterlockedDecrement.KERNEL32(00000000), ref: 00F7E9AC
                                                                                                        • Part of subcall function 00F7E8C0: InterlockedIncrement.KERNEL32(00000000), ref: 00F7E9BF
                                                                                                      • __time64.LIBCMT ref: 00F7A303
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Interlocked$DecrementIncrement__snprintf__time64_memset
                                                                                                      • String ID: installdate4$update
                                                                                                      • API String ID: 2552942591-607565505
                                                                                                      • Opcode ID: e1a7254ea6926c2a6b4d9199a7bca7a16b17090d250c2d14964687a486c61f2c
                                                                                                      • Instruction ID: f3cdd0f170a7435787108f69b19a1f05aae67ec64c9ae14b4b801ced9df2071e
                                                                                                      • Opcode Fuzzy Hash: e1a7254ea6926c2a6b4d9199a7bca7a16b17090d250c2d14964687a486c61f2c
                                                                                                      • Instruction Fuzzy Hash: AC116D718083015AD350EB69DC41B5FBBD89FC4364F008A2EF89C92152E774DA48DB97
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • SETUP: Error device size should not be set more than once , xrefs: 00F850DB
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _memset_printf
                                                                                                      • String ID: SETUP: Error device size should not be set more than once
                                                                                                      • API String ID: 1469192381-1091666620
                                                                                                      • Opcode ID: 4094778c50000e7f22db09316085f3ea7c004b38ae7675aef50697a7b53ced91
                                                                                                      • Instruction ID: ad12912f56dbee3453ad7b7807612fda77b34611a43db4d764640ecfd4419189
                                                                                                      • Opcode Fuzzy Hash: 4094778c50000e7f22db09316085f3ea7c004b38ae7675aef50697a7b53ced91
                                                                                                      • Instruction Fuzzy Hash: 3C11A1F1804B419FD321EF28C805B82FBE9AF54304F14892EE0D987651D3B5B594CBE2
                                                                                                      APIs
                                                                                                      • __CxxThrowException@8.LIBCMT ref: 01012A6B
                                                                                                        • Part of subcall function 010018E7: RaiseException.KERNEL32(?,?,00FFDA03,00000000,?,?,?,?,00FFDA03,00000000,0103E894,010C06C4,00000000,00FADC46,?), ref: 01001929
                                                                                                      • std::bad_exception::bad_exception.LIBCMT ref: 01012A93
                                                                                                        • Part of subcall function 010060E9: std::bad_exception::bad_exception.LIBCMT ref: 010060F4
                                                                                                      Strings
                                                                                                      • Access violation - no RTTI data!, xrefs: 01012A8B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: std::bad_exception::bad_exception$ExceptionException@8RaiseThrow
                                                                                                      • String ID: Access violation - no RTTI data!
                                                                                                      • API String ID: 1432139112-2158758863
                                                                                                      • Opcode ID: bc63f305fbb43ba6231fdfa37f9d3e7829d1ae1f8249656c2524badfdc4f665b
                                                                                                      • Instruction ID: 88ddd9c8702a9b800c86776ca6fec144c65920a61619da8c5dbd69db9fd02971
                                                                                                      • Opcode Fuzzy Hash: bc63f305fbb43ba6231fdfa37f9d3e7829d1ae1f8249656c2524badfdc4f665b
                                                                                                      • Instruction Fuzzy Hash: BFE01276E102098FDF14DBA5D882BEEB7B4AB09311F144458F442FB250D774EA50DF61
                                                                                                      APIs
                                                                                                      • GetProcessHeap.KERNEL32(00000000,0000000D,00000000,00FC699E,?,00FCA158), ref: 01012289
                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 01012290
                                                                                                        • Part of subcall function 010121A1: IsProcessorFeaturePresent.KERNEL32(0000000C,01012277,00000000,00FC699E,?,00FCA158), ref: 010121A3
                                                                                                      • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040), ref: 010122B2
                                                                                                      • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 010122DF
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000002.00000002.2232145872.0000000000F61000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F60000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_2_2_f60000_flux.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AllocHeapVirtual$FeatureFreePresentProcessProcessor
                                                                                                      • String ID:
                                                                                                      • API String ID: 4058086966-0
                                                                                                      • Opcode ID: 613a144b2a64dd72c6af06767e1d34c94e8e4c9d7356a9e4d11cc3ee70dfba12
                                                                                                      • Instruction ID: 6a17949099715854f8192127f42e571b885f65253d1ad839d4aae4b64b19710b
                                                                                                      • Opcode Fuzzy Hash: 613a144b2a64dd72c6af06767e1d34c94e8e4c9d7356a9e4d11cc3ee70dfba12
                                                                                                      • Instruction Fuzzy Hash: 1F01D676245211BBE7711768BC08BDE3A9EAF40741F654061FAC0D625DCB3EC8108B64